From 61f742207532d7565f6f95354d44c52996d224e3 Mon Sep 17 00:00:00 2001
From: syui <syui@syui.ai>
Date: Sun, 18 Jan 2026 20:10:10 +0900
Subject: [PATCH] fix readme oauth

---
 readme.md | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)

diff --git a/readme.md b/readme.md
index 9ebc048..c40f8bc 100644
--- a/readme.md
+++ b/readme.md
@@ -11,6 +11,84 @@ $ cat public/config.json
 $ npm run dev
 ```
 
+## oauth
+
+Use ATProto OAuth to login from the browser and create, edit, or delete posts.
+
+### Setup
+
+#### 1. Edit client-metadata.json
+
+Modify `public/client-metadata.json` with your own domain:
+
+```json
+{
+  "client_id": "https://example.com/client-metadata.json",
+  "client_name": "example.com",
+  "client_uri": "https://example.com",
+  "redirect_uris": ["https://example.com/"],
+  "scope": "atproto transition:generic",
+  "grant_types": ["authorization_code", "refresh_token"],
+  "response_types": ["code"],
+  "application_type": "web",
+  "token_endpoint_auth_method": "none",
+  "dpop_bound_access_tokens": true
+}
+```
+
+**Required changes:**
+
+| Field | Description |
+|-------|-------------|
+| `client_id` | URL of this file. Must be `https://yourdomain.com/client-metadata.json` |
+| `client_name` | App name (shown on auth screen) |
+| `client_uri` | Your site URL |
+| `redirect_uris` | Redirect URL after OAuth. Use your site's root URL |
+
+#### 2. Deploy the file
+
+`client-metadata.json` must be publicly accessible at:
+
+```
+https://yourdomain.com/client-metadata.json
+```
+
+The ATProto PDS fetches this file during authentication, so it **must be accessible via public URL**.
+
+#### 3. Local development
+
+No configuration needed for local development (localhost/127.0.0.1). The code automatically uses ATProto's loopback client ID:
+
+```
+http://localhost?redirect_uri=http://127.0.0.1:5173/&scope=atproto%20transition%3Ageneric
+```
+
+#### 4. Network configuration
+
+To support multiple PDS servers, define networks in `public/network.json`:
+
+```json
+{
+  "bsky.social": {
+    "bsky": "https://bsky.social",
+    "plc": "https://plc.directory"
+  },
+  "syu.is": {
+    "bsky": "https://bsky.syu.is",
+    "plc": "https://plc.syu.is",
+    "web": "https://syu.is"
+  }
+}
+```
+
+The appropriate PDS is automatically selected based on the handle's domain.
+
+### Troubleshooting
+
+- **Auth error**: Verify `client_id` matches the actual file URL
+- **Redirect error**: Verify `redirect_uris` matches your site URL
+- **CORS error**: Verify `client-metadata.json` is served with correct Content-Type
+
 ## cli 
 
 ```sh