runtime/io.github.kikin81.atproto.runtime/AuthProvider

AuthProvider

interface AuthProvider

Supplies authentication headers for XRPC requests. Attached at client construction or per-call via XrpcClient.query / XrpcClient.procedure overrides.

The method receives the HTTP method and target url so that proof-of-possession schemes like DPoP can bind the proof to the specific request.

Return an empty map for unauthenticated requests.

Migration from bearerToken()

This interface was widened from bearerToken(): String? to authHeaders(method, url): Map<String, String> to support DPoP (which needs both Authorization: DPoP <token> and DPoP: <proof>). Existing consumers should migrate:

// Before
val auth = BearerTokenAuth("my-token")

// After — same class, same constructor, new internals
val auth = BearerTokenAuth("my-token")
Content copied to clipboard

BearerTokenAuth and NoAuth are updated in-place; custom impls need to implement authHeaders instead of bearerToken.

Inheritors

Functions

Link copied to clipboard
abstract suspend fun authHeaders(method: String, url: String): Map<String, String>

Returns the HTTP headers to attach to an XRPC request.

Link copied to clipboard
open suspend fun onUnauthorized(responseHeaders: Map<String, String>): Boolean

Called by XrpcClient when a request returns HTTP 401. The provider can inspect the response headers (e.g. DPoP-Nonce) and update its internal state for a retry.