BlueSky's permissions model currently allows for permanent permissions. Would time limited permissions be possible and reduce risk?

Software Development Thoughts

BlueSky's permissions model currently allows for permanent permissions. Would time limited permissions be possible and reduce risk?

Some thoughts on BlueSky's permission model and how limiting the permissions by action and time might be preferable.

AJP (James Phillips)

December 05, 2025

@leaflet.pub looks amazing but I'm concerned about the permissions model and the authorisation levels requested:

Does it need to have access to so much and forever?

If leaflet.pub is compromised this would be non-ideal.

It would be great to grant it permissions, from bsky, temporarily and then rescind them automatically. For example granting permission to perform just this one publishing action each time the action is requested, or for a limited time window such as an hour, or day, and perhaps even with some ephemeral token as well so that if I closed the window the token would be lost. Obviously a malign or compromised client would still need to have the time-limited permission to limit its damage potential).

The last permission in particular is quite troubling: I have no idea what it will do or authorise supposedly in my name: "AJP signed up to, liked, followed and is now posting endorsements of <insert terrible thing>". Is that possible under this current set of permissions?

I was curious if we have to go down this route so I prompted ChatGPT which directed me to https://leaflet.pub/b7540e0e-6621-4be1-8a40-a4ec10164391 which links to https://github.com/bluesky-social/atproto/discussions/4013 to which I'll post a request for considering time limited permissions.

I'm not an expert in this so perhaps some of these concerns are not well founded. Looking forward to hearing others thoughts.