@jacob.gold I started sending requests directly to my PDS (after sending createSession to bsky.social) Since then I sometimes get his intermittent error "server stopped accepting new streams before this stream was established". Could that be related? Should I keep sendig all requests to bsky.social?

Hmm, no, you should be able to send non-auth related requests directly to the PDS. Maybe @divy.zone can help!

I misubderstood non-with related. Is a refreshSession auth-realated?

Yes, that's auth related. There needs to be some info published on this, which may not have happened yet!

Thanks Jake. I may have missed it. I should do some reading on the federation stuff. I know what to look for now. Great achievement of you and your team to migrate all the users while the network stayed up and running!

Thanks! You didn't miss it, this aspect of talking to bsky.social for auth and talking to the PDS directly for other requests is a new thing and it's not required for anyone to implement it. It's totally acceptable to send all requests to bsky.social and let it proxy requests to the user's PDS.

Wait, so things like refreshSession *have* to still be sent to bsky.social? It won't work if I send it to the PDS?

Sorry for the confusion. Auth requests work on bsky.social or directly. Because auth requests sent to the *.host.bsky.network PDS hosts will get proxied to bsky.social (This needs to be documented properly, but none of this is required. Sending all requests to bsky.social is totally fine for now.)

Yes, I checked my logs and refreshSession works fine to the PDS. I only send createSession and getSession bsky.social to discover the PDS of a user.

FYI: this is the closest to "documentation" so far around this change. More will come soon, I'm sure.

Thanks!

Is this part of “small world” fallback design? Where PDSs can still communicate among each other without the relay if they want/need to?

Actually no this is just normal PDS stuff with some new auth stuff designed to make it easy to run many PDS hosts near users (in the near future) but make it feel like a single PDS.

But it does improve performance by reducing latency and hops. And eventually something like this may be recommended as part of the protocol (I'm not sure).

Exactly. That was why I was trying this. I'd expect that you'd even require it at some point to spread network traffic.

They are authorized with the access token from createSession. It works great. Only now and then I get that error.