
Variable: authApi

const authApi: Client<paths, `${string}/${string}`>

Defined in: web/lib/api/client.ts:244

Authenticated API client for endpoints requiring user authentication.

Remarks

Implements the industry-standard ATProto service authentication pattern:

  1. The user completes ATProto OAuth in the browser (via BrowserOAuthClient)
  2. For authenticated API calls, the middleware calls com.atproto.server.getServiceAuth
  3. The user's PDS issues a service auth JWT signed with the user's ATProto signing key
  4. The JWT is sent in the Authorization header to the Chive backend
  5. Chive verifies the JWT by resolving the user's DID document and checking the signature

This approach:

  • Uses the same signing key that signs ATProto repo commits
  • Requires no custom session management or cookie-based auth
  • Is stateless and verifiable against the DID document
  • Supports method-level authorization via the lxm claim
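
The claim checks that go with step 5 and the lxm bullet, as an added example that is not Chive's own code: after the signature is verified against the DID document, the verifier still has to confirm the token was issued for this service (aud), is unexpired (exp), and is bound to the method being called (lxm). The function names, DIDs and NSIDs are hypothetical, and requiring lxm on every token is an assumption of this sketch.

```typescript
// Added example, not Chive's code. Signature verification against the key in
// the issuer's DID document (step 5) is assumed to have already succeeded.
interface ServiceAuthClaims { iss: string; aud: string; exp: number; lxm: string }
type ClaimCheck =
  | "ok" | "malformed" | "bad_issuer" | "wrong_audience" | "expired" | "method_not_allowed";

function b64urlDecode(s: string): string {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return atob(b64 + "===".slice((b64.length + 3) % 4)); // restore stripped padding
}

function parseClaims(jwt: string): Partial<ServiceAuthClaims> | null {
  const parts = jwt.split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    return typeof claims === "object" && claims !== null ? claims : null;
  } catch (_e) {
    return null;
  }
}

// serviceDid: this backend's DID; nsid: the XRPC method being invoked.
function checkServiceAuthClaims(
  jwt: string, serviceDid: string, nsid: string, nowSec: number
): ClaimCheck {
  const c = parseClaims(jwt);
  if (c === null) return "malformed";
  if (typeof c.iss !== "string" || c.iss.indexOf("did:") !== 0) return "bad_issuer";
  if (c.aud !== serviceDid) return "wrong_audience"; // token minted for another service
  if (typeof c.exp !== "number" || c.exp <= nowSec) return "expired";
  // Assumption: this verifier requires lxm, so a token without it is rejected.
  if (c.lxm !== nsid) return "method_not_allowed";
  return "ok";
}

// Constructed sample token: placeholder signature, hypothetical DIDs and NSIDs.
function sampleToken(claims: object): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "ES256K", typ: "JWT" }), enc(claims), "c2ln"].join(".");
}
```

The aud and lxm checks are what stop a token issued for one service or one method from being replayed against another.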

See