PDS/Auth: Extra space in basic auth breaks auth (CreateSession) #136

@SquirrelOnMotorcycle

Describe the bug

When trying to create a connector for Blacksky for the Feed aggregation app Tapestry, I discovered that the same method used to connect to Bluesky does not work for Blacksky. On further investigation, I discovered the cause for this being as follows.

When sending a request from Tapestry to Blacksky, Tapestry formats the POST request with spaces ->

{
  "identifier": "email",
  "password": "app-password"
}

For some reason, this causes a timeout. Removing the spaces from the request as follows allows for the request to go through.

{"identifier":"email","password":"app-pw"}

This only happens when both the email and the password are correct. Using a wrong password doesn't cause a timeout but instead returns a correct error.

I tested manually adjusting the Content-Length header to be able to exclude it as potentially causing issues. I don't know much about Rust, but from what I can see in the code it's just standard JSON parsing, so I'm unsure why this is happening.

To Reproduce

Steps to reproduce the behavior:

  1. Have a Blacksky account with email and app password.
  2. Create a POST request in whichever way you like. Example for CURL:
curl --request POST \
--url https://blacksky.app/xrpc/com.atproto.server.createSession \
--header 'content-type: application/json' \
--data '{"identifier": "email","password":"app-password"}'
  3. This should fail. Now try the same without the space to confirm that it's working otherwise:
curl --request POST \
--url https://blacksky.app/xrpc/com.atproto.server.createSession \
--header 'content-type: application/json' \
--data '{"identifier":"email","password":"app-password"}'

Expected behavior

According to JSON specifications, spaces in inner JSON content should simply be ignored by the parser. As such, the POST request should go through with or without spaces.

Details

  • Used to send POST: Tapestry (iOS), TapestryLoom (macOS), Postman (macOS), Bruno (Linux), Proxyman (macOS)

Additional context

Tried using VPNs to see if there is any chance it's related to where I connect from, nada.
