Docs / Guides

Stable

Prepare Atmosphere Login for production

Run the checks needed before users see a trusted, production-ready picker handoff.

Exact HTTPS return URI enforcement for production apps.Verified app identity with homepage, logo, and domain manifest.Clear readiness states: local development, needs fixes, ready for review, trusted, or blocked.

Checks

Readiness states

StateMeaningNext action
Local development onlyLoopback or localhost URLs are present.Replace with HTTPS production URLs before review.
Needs production fixesOne or more required checks failed.Open the app detail page and run checks.
Ready to request trusted reviewProduction checks pass.Submit review notes.
TrustedAtmosphere reviewed the app identity.Keep metadata and return URIs stable.
BlockedPicker is unavailable for the app.Contact support.

Production launch checklist

  • Registered app name matches the public product.
  • Client ID is HTTPS and controlled by the app.
  • Homepage is HTTPS and reachable.
  • Logo is HTTPS, reachable, and recognizable.
  • Every production return URI is listed exactly.
  • No local development URLs remain in production registration.
  • Domain manifest matches the registered app metadata and return URIs.
  • Picker test URL completes successfully.
  • Selection token verification happens server-side.
  • AT Protocol OAuth starts after selection and is owned by the app.

Domain manifest

/.well-known/atmosphere-login.json
{
  "version": "atmosphere.login.v0.1",
  "apps": [
    {
      "client_id": "https://app.example.com/oauth/client-metadata.json",
      "app_name": "Example App",
      "homepage": "https://app.example.com",
      "logo_uri": "https://app.example.com/icon.png",
      "allowed_return_uris": [
        "https://app.example.com/auth/atmosphere/selected"
      ]
    }
  ]
}
On this page

Next steps

Keep building