Bluesky Typescript PDS on Digital Ocean

The Bluesky PDS is in the Digital Ocean marketplace.

This is a stub and could use fleshing out about the DO flow and any issues or tips around deploying on Digital Ocean.

I have a question about self-hosted PDSes, one of which is the TypeScript variety hosted on DigitalOcean. I have found that the jwks_uri on both of my instances doesn’t have any keys listed. I get this when I call https://bsky.alljoin.me/oauth/jwks:

{"keys":[]}

Does anyone know why this is? Bluesky doesn’t have this issue, hitting the equivalent URL: https://bsky.social/oauth/jwks gives this:

{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256K",
      "use": "sig",
      "crv": "secp256k1",
      "x": "GgskXhf9OJFxYNovWiwq35akQopFXS6Tzuv0Y-B6q8I",
      "y": "Cv8TnJVvra7TmYsaO-_nwhpD2jpfdnRE_TAeuvxLgJE"
    }
  ]
}

Any insight would be greatly appreciated!


Tried it on the three PDSes that I have full access to and also get empty keys.

That bsky.social will of course be the gateway/entryway, not an individual on

Getting https://morel.us-east.host.bsky.network/oauth/jwks gives me Cannot GET /oauth/jwks

I don’t know what is supposed to be happening here!

Yeah, it’s an odd one, the authorisation server for the Bluesky PDS fleet is on the central bsky.social endpoint but each self-hosted PDS gives the authorisation server as itself.

I’m trying to implement a verification check that the access token has been generated by the user’s PDS. I’ve got it working with the Bluesky fleet and fall back to using the token to make a request to self-hosted PDSes, but it would be good to cover all options.
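
Added example, not part of the thread and not code from the PDS project: one way a client could decide how to check a token from the three jwks_uri responses quoted above (a populated key set, `{"keys":[]}`, and a non-JSON error body). The function names, the 404 status and the sample token are assumptions made for illustration; choosing a key is only the step before signature verification, not a substitute for it.

```javascript
// Added example; sample inputs are constructed from the responses quoted in this thread.
const EMPTY_JWKS = '{"keys":[]}'; // what the self-hosted PDS returned
const FLEET_JWKS = JSON.stringify({ keys: [{
  kty: 'EC', alg: 'ES256K', use: 'sig', crv: 'secp256k1',
  x: 'GgskXhf9OJFxYNovWiwq35akQopFXS6Tzuv0Y-B6q8I',
  y: 'Cv8TnJVvra7TmYsaO-_nwhpD2jpfdnRE_TAeuvxLgJE' }] });
const NOT_FOUND_BODY = 'Cannot GET /oauth/jwks'; // body quoted above; a 404 status is assumed

// Constructed token: only the header is meaningful, payload and signature are dummies.
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const SAMPLE_TOKEN = [b64u({ alg: 'ES256K' }), b64u({ sub: 'did:example:alice' }), 'c2ln'].join('.');

// Read the protected header of a compact JWS. It is attacker-controlled input and is
// used only to pick a published key, never to decide whether to skip verification.
function decodeJwtHeader(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
}

// status/body: the HTTP response from jwks_uri. Returns one of:
//   { mode: 'local', keys }  -> verify the signature against these JWKs
//   { mode: 'fallback' }     -> nothing published; check the token by another route
//   { mode: 'reject' }       -> keys are published but the token cannot match them
function chooseVerification(status, body, token) {
  const fallback = (reason) => ({ mode: 'fallback', reason });
  if (status !== 200) return fallback('jwks_uri returned HTTP ' + status);
  let doc;
  try { doc = JSON.parse(body); } catch { return fallback('jwks_uri body is not JSON'); }
  if (!doc || !Array.isArray(doc.keys) || doc.keys.length === 0) return fallback('empty key set');
  const header = decodeJwtHeader(token);
  if (!header || typeof header.alg !== 'string' || header.alg.toLowerCase() === 'none') {
    return { mode: 'reject', reason: 'token is unsigned or has no alg' };
  }
  // Fail closed (a policy choice of this example): a published key must agree with the header.
  const keys = doc.keys.filter((k) =>
    (k.use === undefined || k.use === 'sig') &&
    (k.alg === undefined || k.alg === header.alg) &&
    (header.kid === undefined || k.kid === header.kid));
  return keys.length ? { mode: 'local', keys } : { mode: 'reject', reason: 'no matching key' };
}
```

The `fallback` result corresponds to the approach described in the last post, where the token is checked by using it in a request to the PDS.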