ATproto login is broken

[matthieusieben]

Describe the bug

I tried to "Connect with Bluesky" to like a package then got a redirection error:

401
Unauthorized

OAuth "invalid_client_metadata" error: Unable to obtain client metadata for "https://coc.npmx.dev/oauth-client-metadata.json": unexpected redirect. Please login and try again.

It looks like the OAuth client metadata contains invalid URIs referencing "coc.npmx.dev":

{
  "client_name": "npmx.dev",
  "client_id": "https://coc.npmx.dev/oauth-client-metadata.json",
  "client_uri": "https://coc.npmx.dev",
  "scope": "atproto repo:dev.npmx.feed.like repo:dev.npmx.actor.profile",
  "redirect_uris": ["https://coc.npmx.dev/api/auth/atproto"],
  "grant_types": ["authorization_code", "refresh_token"],
  "application_type": "web",
  "dpop_bound_access_tokens": true,
  "response_types": ["code"],
  "subject_type": "public",
  "authorization_signed_response_alg": "RS256",
  "token_endpoint_auth_method": "private_key_jwt",
  "jwks_uri": "https://coc.npmx.dev/.well-known/jwks.json",
  "token_endpoint_auth_signing_alg": "ES256"
}

Additional context

No response

Logs

[matthieusieben]

cc @fatfingers23

[fatfingers23]

Thank you for the issue! We're dynamically loading in the urls so it can work for the Vercel preview links when a PR happens. It looks like it was working and loading in the right URL when I just tried.

npmx.dev/modules/oauth.ts

Line 16 in 64a3cf2

const clientUri = productionUrl || previewUrl || 'http://127.0.0.1:3000'

But I wonder if there's a race condition at some point where on release/prerender that it is getting set to another one of our URLs. Will think on it and look around some more.

[danielroe]

@fatfingers23 that's done at build time so shouldn't be susceptible to race conditions.

[byarielm]

Got an error on main.npmx.dev but not npmx.dev - tried on mobile so all I’ve got for the error is this screenshot 😅

UPDATE: I've repeated this a few times with my main account and a mushroom account. I have no issues on npmx.dev for both but neither works on main.npmx.dev (get the 404 error below) - @matthieusieben is that where you tried logging in when you got the error?