From dd93d2b3df1bcaececef3f74ae849990f3718174 Mon Sep 17 00:00:00 2001
From: Devin Ivy
Date: Wed, 3 Jan 2024 20:25:51 -0500
Subject: [PATCH] for testing, support both bearer dids and proper jwts

---
 packages/bsky/src/auth.ts | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/packages/bsky/src/auth.ts b/packages/bsky/src/auth.ts
index 36dedb31e0c..6e8a14629cb 100644
--- a/packages/bsky/src/auth.ts
+++ b/packages/bsky/src/auth.ts
@@ -9,15 +9,30 @@ const BEARER = 'Bearer '
 // @NOTE this is not safe for production! it has been modified for testing purposes to sidestep jwt auth, allow providing a did directly.
 export const authVerifier = (
-  _idResolver: IdResolver,
+  idResolver: IdResolver,
   opts: { aud: string | null },
 ) => {
+  const getSigningKey = async (
+    did: string,
+    forceRefresh: boolean,
+  ): Promise => {
+    const atprotoData = await idResolver.did.resolveAtprotoData(
+      did,
+      forceRefresh,
+    )
+    return atprotoData.signingKey
+  }
+
   return async (reqCtx: { req: express.Request; res: express.Response }) => {
-    const did = getJwtStrFromReq(reqCtx.req)
-    if (!did) {
+    const jwtStr = getJwtStrFromReq(reqCtx.req)
+    if (!jwtStr) {
       throw new AuthRequiredError('missing jwt', 'MissingJwt')
     }
-    return { credentials: { did }, artifacts: { aud: opts.aud } }
+
+    const payload = jwtStr.startsWith('did:')
+      ? { iss: jwtStr }
+      : await verifyJwt(jwtStr, opts.aud, getSigningKey)
+    return { credentials: { did: payload.iss }, artifacts: { aud: opts.aud } }
   }
 }
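Review bot: The shortcut at `const payload = jwtStr.startsWith('did:')` is gated only on the token's prefix, so in any build that carries this code a caller can authenticate as an arbitrary DID by presenting `Bearer did:…`, and nothing in the hunk ties the bypass to a test configuration. The @NOTE comment records the intent but does not fail closed; consider requiring an explicit opt-in, e.g. `opts: { aud: string | null; allowBearerDid?: boolean }` and `const payload = opts.allowBearerDid && jwtStr.startsWith('did:') ? { iss: jwtStr } : await verifyJwt(jwtStr, opts.aud, getSigningKey)`, so callers that never set the flag keep full JWT verification by default. On the shortcut path the returned artifacts still report `aud: opts.aud` although no audience was checked and no signature was verified, which the comment should state so downstream code does not treat those credentials as verified. The `): Promise => {` annotation on getSigningKey appears to have lost its type argument in rendering; presumably it reads `Promise<string>` in the file.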