This Worker is the OAuth surface used by bsky-vita, a homebrew Bluesky client for the PlayStation Vita. It serves the client metadata, receives the consent-flow redirect from the authorization server, and exposes a single-read pickup endpoint the Vita polls.
Endpoints:
/client_metadata.json — OAuth client metadata
(atproto AS fetches this)./callback — receives (code, state, iss)
from the AS, writes (state → {code, iss}) to KV with a
5-minute TTL, returns "Login received" to the user./pop?state=… — the Vita reads this once and
the entry is deleted./callback-qr — v1.x QR-pickup stub.It logs nothing — observability.enabled is false in
wrangler.jsonc and the source contains zero
console.log calls on request data. The authorization codes
that pass through are cryptographically useless without the on-device
PKCE verifier and DPoP private key.
Source: github.com/koalabuttz/bsky-vita/broker. Privacy-conscious users can self-host — see the README in that directory.