diff --git a/.github/workflows/wasm.yml b/.github/workflows/wasm.yml
index 405baf57..60969201 100644
--- a/.github/workflows/wasm.yml
+++ b/.github/workflows/wasm.yml
@@ -67,8 +67,9 @@ jobs:
         run: rustup target add wasm32-unknown-unknown
       - name: Install wasm-pack
         run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
-      - run: wasm-pack test --node atrium-api
-      - run: wasm-pack test --node atrium-xrpc
-      - run: wasm-pack test --node atrium-xrpc-client
-      - run: wasm-pack test --node atrium-identity
-      - run: wasm-pack test --node atrium-common
+      - run: wasm-pack test --node atrium-api --lib
+      - run: wasm-pack test --node atrium-xrpc --lib
+      - run: wasm-pack test --node atrium-xrpc-client --lib
+      - run: wasm-pack test --node atrium-identity --lib
+      - run: wasm-pack test --node atrium-common --lib
+      - run: wasm-pack test --node atrium-oauth --lib
diff --git a/Cargo.lock b/Cargo.lock
index 43ee107b..50999c97 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -273,6 +273,7 @@ dependencies = [
  "ecdsa",
  "elliptic-curve",
  "futures",
+ "getrandom 0.2.15",
  "hickory-resolver",
  "jose-jwa",
  "jose-jwk",
diff --git a/Cargo.toml b/Cargo.toml
index 8d629866..7b78e616 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -55,10 +55,11 @@ unsigned-varint = "0.8"
 
 # Cryptography
 ecdsa = "0.16.9"
-elliptic-curve = "0.13.6"
+elliptic-curve = "0.13.8"
+getrandom = "0.2.15"
 jose-jwa = "0.1.2"
 jose-jwk = { version = "0.1.2", default-features = false }
-k256 = { version = "0.13.3", default-features = false }
+k256 = { version = "0.13.4", default-features = false }
 p256 = { version = "0.13.2", default-features = false }
 rand = "0.8.5"
 sha2 = "0.10.8"
diff --git a/atrium-oauth/Cargo.toml b/atrium-oauth/Cargo.toml
index fb8eb3e0..67021206 100644
--- a/atrium-oauth/Cargo.toml
+++ b/atrium-oauth/Cargo.toml
@@ -39,11 +39,17 @@ trait-variant.workspace = true
 [dev-dependencies]
 atrium-api = { workspace = true, features = ["bluesky"] }
 futures.workspace = true
-hickory-resolver.workspace = true
 p256 = { workspace = true, features = ["pem", "std"] }
-tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 base64ct.workspace = true
 
 [features]
 default = ["default-client"]
 default-client = ["reqwest/default-tls"]
+
+[target.'cfg(target_arch = "wasm32")'.dependencies]
+getrandom = { workspace = true, features = ["js"] }
+tokio = { workspace = true, features = ["macros", "rt", "time"] }
+
+[target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies]
+hickory-resolver.workspace = true
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
diff --git a/atrium-oauth/README.md b/atrium-oauth/README.md
index 65dd36b8..e85f4221 100644
--- a/atrium-oauth/README.md
+++ b/atrium-oauth/README.md
@@ -31,38 +31,36 @@ impl DnsTxtResolver for SomeDnsTxtResolver {
     }
 }
 
-fn main() {
-    let http_client = Arc::new(DefaultHttpClient::default());
-    let config = OAuthClientConfig {
-        client_metadata: AtprotoLocalhostClientMetadata {
-            redirect_uris: Some(vec![String::from("http://127.0.0.1/callback")]),
-            scopes: Some(vec![
-                Scope::Known(KnownScope::Atproto),
-                Scope::Known(KnownScope::TransitionGeneric),
-            ]),
-        },
-        keys: None,
-        resolver: OAuthResolverConfig {
-            did_resolver: CommonDidResolver::new(CommonDidResolverConfig {
-                plc_directory_url: DEFAULT_PLC_DIRECTORY_URL.to_string(),
-                http_client: Arc::clone(&http_client),
-            }),
-            handle_resolver: AtprotoHandleResolver::new(AtprotoHandleResolverConfig {
-                dns_txt_resolver: SomeDnsTxtResolver,
-                http_client: Arc::clone(&http_client),
-            }),
-            authorization_server_metadata: Default::default(),
-            protected_resource_metadata: Default::default(),
-        },
-        // A store for saving state data while the user is being redirected to the authorization server.
-        state_store: MemoryStateStore::default(),
-        // A store for saving session data.
-        session_store: MemorySessionStore::default(),
-    };
-    let Ok(client) = OAuthClient::new(config) else {
-        panic!("failed to create oauth client");
-    };
-}
+let http_client = Arc::new(DefaultHttpClient::default());
+let config = OAuthClientConfig {
+    client_metadata: AtprotoLocalhostClientMetadata {
+        redirect_uris: Some(vec![String::from("http://127.0.0.1/callback")]),
+        scopes: Some(vec![
+            Scope::Known(KnownScope::Atproto),
+            Scope::Known(KnownScope::TransitionGeneric),
+        ]),
+    },
+    keys: None,
+    resolver: OAuthResolverConfig {
+        did_resolver: CommonDidResolver::new(CommonDidResolverConfig {
+            plc_directory_url: DEFAULT_PLC_DIRECTORY_URL.to_string(),
+            http_client: Arc::clone(&http_client),
+        }),
+        handle_resolver: AtprotoHandleResolver::new(AtprotoHandleResolverConfig {
+            dns_txt_resolver: SomeDnsTxtResolver,
+            http_client: Arc::clone(&http_client),
+        }),
+        authorization_server_metadata: Default::default(),
+        protected_resource_metadata: Default::default(),
+    },
+    // A store for saving state data while the user is being redirected to the authorization server.
+    state_store: MemoryStateStore::default(),
+    // A store for saving session data.
+    session_store: MemorySessionStore::default(),
+};
+let Ok(client) = OAuthClient::new(config) else {
+    panic!("failed to create oauth client");
+};
 ```
 
 ### Authentication
diff --git a/atrium-oauth/src/oauth_session.rs b/atrium-oauth/src/oauth_session.rs
index 60cb80b4..ab87c1e8 100644
--- a/atrium-oauth/src/oauth_session.rs
+++ b/atrium-oauth/src/oauth_session.rs
@@ -380,9 +380,11 @@ mod tests {
         Agent::new(oauth_session(data, default_store()).await)
     }
 
-    async fn call_service(
-        service: &Service<impl SessionManager + Sync>,
+    async fn call_service<S>(
+        service: &Service<S>,
     ) -> Result<(), atrium_xrpc::Error<atrium_api::com::atproto::server::get_service_auth::Error>>
+    where
+        S: SessionManager + Send + Sync,
     {
         let output = service
             .com