AT Protocol OAuth Implementation

Always load: the main SKILL.md body (core instructions, security checklist, pitfalls). Load on demand: references/ files (only when implementing from scratch or when the user asks for deep-dive detail). Load on demand: examples/ files (only when the user asks for language-specific code).

Implement atproto OAuth using the atproto profile requirements, not generic OAuth defaults.

When NOT to Use This Skill

Do not apply this skill for:

• Standard OAuth2/OIDC flows that do not involve AT Protocol or Bluesky.
• Bluesky App Passwords (a separate legacy credential mechanism, not OAuth).
• Generic social login (Google, GitHub, etc.) — those follow standard OIDC, not the atproto profile.
• Any scenario where the user has not confirmed their target platform is atproto/Bluesky.

Decide App Pattern

Ask: What type of app are you building?

• Web service (recommended): implement a confidential client with Backend For Frontend (BFF).