From 5c11dbc37a3e83b72eab882811ba1a3289a03817 Mon Sep 17 00:00:00 2001
From: Vordgi
Date: Thu, 5 Feb 2026 13:09:46 +0000
Subject: [PATCH 1/4] draft: check redirect url
---
 server/api/auth/atproto.get.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/api/auth/atproto.get.ts b/server/api/auth/atproto.get.ts
index 581c91294c..7586c67ca0 100644
--- a/server/api/auth/atproto.get.ts
+++ b/server/api/auth/atproto.get.ts
@@ -81,7 +81,7 @@ export default defineEventHandler(async event => {
 scope,
 prompt: create ? 'create' : undefined,
 })
- return sendRedirect(event, redirectUrl.toString())
+ return redirectUrl
 } catch (error) {
 const message = error instanceof Error ? error.message : 'Authentication failed.'
From b2e167e8efd9ffef05ba037543d8b1deff5bd8d0 Mon Sep 17 00:00:00 2001
From: Vordgi
Date: Thu, 5 Feb 2026 13:13:19 +0000
Subject: [PATCH 2/4] draft: check api route
---
 server/api/auth/atproto.get.ts | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/server/api/auth/atproto.get.ts b/server/api/auth/atproto.get.ts
index 7586c67ca0..45fa509619 100644
--- a/server/api/auth/atproto.get.ts
+++ b/server/api/auth/atproto.get.ts
@@ -76,12 +76,7 @@ export default defineEventHandler(async event => {
 message: 'Handle not provided in query',
 })
 }
-
- const redirectUrl = await atclient.authorize(handle, {
- scope,
- prompt: create ? 'create' : undefined,
- })
- return redirectUrl
+ return "this api works"
 } catch (error) {
 const message = error instanceof Error ? error.message : 'Authentication failed.'
From 62e4056c4ee9d2dba796acfd6b0f513c0df47e49 Mon Sep 17 00:00:00 2001
From: Vordgi
Date: Thu, 5 Feb 2026 13:20:12 +0000
Subject: [PATCH 3/4] draft: check auth state
---
 server/api/auth/atproto.get.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server/api/auth/atproto.get.ts b/server/api/auth/atproto.get.ts
index 45fa509619..7586c67ca0 100644
--- a/server/api/auth/atproto.get.ts
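Review bot: `return redirectUrl` at the end of the `try` block in [PATCH 1/4] answers with the authorization URL in a 200 body where the removed line issued a redirect, so the browser never reaches the authorization server and the per-request URL sits in a GET response that intermediaries may cache. The removed `.toString()` suggests `redirectUrl` is a URL object rather than a string, so the body shape depends on how the framework serialises it. If the URL has to be inspected, return it explicitly and uncached, e.g. `setResponseHeader(event, 'Cache-Control', 'no-store')` followed by `return { url: redirectUrl.toString() }`, and restore `sendRedirect` before this leaves draft. The same `return redirectUrl` comes back in the [PATCH 3/4] hunk; the handler body starts and ends outside both hunks.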
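Review bot: The probe string added in [PATCH 2/4] uses double quotes while the other literals in the hunk use single quotes (`'Handle not provided in query'`); `return 'this api works'` would match. With the `authorize` call removed, `create` has no remaining reader in the lines shown, and the route answers 200 with a fixed body to any request that supplies `handle`. A stub like this should be dropped from the series once the route is confirmed reachable. The `try` block begins and ends outside the hunk.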
+++ b/server/api/auth/atproto.get.ts
@@ -76,7 +76,12 @@ export default defineEventHandler(async event => {
 message: 'Handle not provided in query',
 })
 }
- return "this api works"
+
+ const redirectUrl = await atclient.authorize(handle, {
+ scope,
+ prompt: create ? 'create' : undefined,
+ })
+ return redirectUrl
 } catch (error) {
 const message = error instanceof Error ? error.message : 'Authentication failed.'
From 98df15576b7f77303a17cf78e13f617955d69027 Mon Sep 17 00:00:00 2001
From: Vordgi
Date: Thu, 5 Feb 2026 13:28:32 +0000
Subject: [PATCH 4/4] draft: check client metadata
---
 server/api/auth/atproto.get.ts | 74 +---------------------------------
 1 file changed, 1 insertion(+), 73 deletions(-)
diff --git a/server/api/auth/atproto.get.ts b/server/api/auth/atproto.get.ts
index 7586c67ca0..ec877587a5 100644
--- a/server/api/auth/atproto.get.ts
+++ b/server/api/auth/atproto.get.ts
@@ -54,77 +54,5 @@ export default defineEventHandler(async event => {
 const query = getQuery(event)
 const clientMetadata = getOauthClientMetadata()
- const session = await useServerSession(event)
- const { stateStore, sessionStore } = useOAuthStorage(session)
-
- const atclient = new NodeOAuthClient({
- stateStore,
- sessionStore,
- clientMetadata,
- requestLock: getOAuthLock(),
- handleResolver,
- })
-
- if (!query.code) {
- try {
- const handle = query.handle?.toString()
- const create = query.create?.toString()
-
- if (!handle) {
- throw createError({
- statusCode: 401,
- message: 'Handle not provided in query',
- })
- }
-
- const redirectUrl = await atclient.authorize(handle, {
- scope,
- prompt: create ? 'create' : undefined,
- })
- return redirectUrl
- } catch (error) {
- const message = error instanceof Error ? error.message : 'Authentication failed.'
-
- return handleApiError(error, {
- statusCode: 401,
- message: `${message}. Please login and try again.`,
- })
- }
- }
-
- const { session: authSession } = await atclient.callback(
- new URLSearchParams(query as Record),
- )
- const agent = new Agent(authSession)
- event.context.agent = agent
-
- const response = await fetch(
- `https://${SLINGSHOT_HOST}/xrpc/com.bad-example.identity.resolveMiniDoc?identifier=${agent.did}`,
- { headers: { 'User-Agent': 'npmx' } },
- )
- if (response.ok) {
- const miniDoc: PublicUserSession = await response.json()
-
- let avatar: string | undefined = await getAvatar(authSession.did, miniDoc.pds)
-
- await session.update({
- public: {
- ...miniDoc,
- avatar,
- },
- })
- } else {
- //If slingshot fails we still want to set some key info we need.
- const pdsBase = (await authSession.getTokenInfo()).aud
- let avatar: string | undefined = await getAvatar(authSession.did, pdsBase)
- await session.update({
- public: {
- did: authSession.did,
- handle: 'Not available',
- pds: pdsBase,
- avatar,
- },
- })
- }
- return sendRedirect(event, '/')
+ return clientMetadata
 })
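Review bot: `return clientMetadata` hands whatever `getOauthClientMetadata()` builds to any unauthenticated GET caller, and with the `query.code` branch removed the `const query = getQuery(event)` context line above it is dead code. OAuth client metadata is normally a public document, but the helper is defined outside this hunk, so confirm it carries no private key material before exposing it on this route. If the dump is only a deployment probe, gate it, e.g. `if (!import.meta.dev) throw createError({ statusCode: 404 })` ahead of the return, and drop the unused `query` line. The handler opens above the hunk; only its closing `})` is visible.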