Closed dholms closed 2 weeks ago
Is this right? Isn't the problem that the apps are dropping personalDetailsPref
because it's written as a single blob, and they don't have access to it? I think the fix needs to be that the server preserves the personalDetailsPref
in this case, not that it throws
Yeah there's two parts to the putPreferences - it throws if an app password is trying to write a new value to personalDetailsPref
but just strips it out of the values to delete if an app password doesn't provide a value
Right -- my bad, I had the wrong mental model for the backend, so the diff seemed wrong.
This LGTM
We don't let app passwords read
personalDetailsPref
. This prevents app passwords from writing or deleting the preferences as wellCloses https://github.com/bluesky-social/atproto/issues/2555