oauth/io.github.kikin81.atproto.oauth/OAuthSession

OAuthSession

@Serializable

data class OAuthSession(val accessToken: String, val refreshToken: String, val did: String?, val handle: String?, val pdsUrl: String?, val tokenEndpoint: String, val revocationEndpoint: String? = null, val clientId: String? = null, val dpopPrivateKey: ByteArray, val dpopPublicKey: ByteArray, val authServerNonce: String? = null, val clockOffsetSeconds: Long = 0, val pdsNonce: String? = null)

Persisted OAuth session state. Contains everything needed to make authenticated XRPC requests and refresh the session when the access token expires.

The DPoP keypair is serialized as raw byte arrays (PKCS8 private key + X509 public key) rather than as JWK JSON. The consumer's OAuthSessionStore implementation is responsible for encrypting these at rest (e.g. via EncryptedSharedPreferences on Android).

did, handle, and pdsUrl are nullable to accommodate the signup flow's brief window between token exchange and identity hydration. Once hydration completes (or its bounded retry budget exhausts) the session is re-persisted with whatever values resolved. The login flow always populates all three eagerly.

Constructors

OAuthSession

constructor(accessToken: String, refreshToken: String, did: String?, handle: String?, pdsUrl: String?, tokenEndpoint: String, revocationEndpoint: String? = null, clientId: String? = null, dpopPrivateKey: ByteArray, dpopPublicKey: ByteArray, authServerNonce: String? = null, clockOffsetSeconds: Long = 0, pdsNonce: String? = null)