API Reference Attesto v#0.5.0

Copy Markdown View Source

Modules

Attesto

A vendor-neutral OAuth 2.0 / OIDC authorization-server and resource-server engine.

Attesto.AuthorizationCode

RFC 6749 §4.1 authorization-code grant, with mandatory PKCE (RFC 7636, S256) and optional DPoP binding of the code (RFC 9449 §10).

Attesto.AuthorizationCode.Grant

The validated context a successfully redeemed authorization code yields.

Attesto.ClusterGuard

Refuse to start a per-node ETS store on a clustered BEAM.

Attesto.CodeStore

Storage seam for authorization codes.

Attesto.CodeStore.ETS

Single-node ETS implementation of Attesto.CodeStore.

Attesto.Config

Immutable configuration a token operation runs against.

Attesto.DPoP

RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP).

Attesto.DPoP.NonceStore

Storage seam for server-issued DPoP nonces (RFC 9449 §8).

Attesto.DPoP.NonceStore.ETS

Single-node ETS implementation of Attesto.DPoP.NonceStore.

Attesto.DPoP.ReplayCache

In-memory, TTL-bounded cache of seen DPoP proof jti values.

Attesto.Discovery

RFC 8414 - OAuth 2.0 Authorization Server Metadata.

Attesto.JWKS

RFC 7517 - publish the signing keys' public halves as a JWK Set.

Attesto.Key

Pure helpers for working with the RSA signing material as PEM strings.

Attesto.Keystore

The behaviour Attesto uses to obtain signing and verification keys.

Attesto.Keystore.Static

A simple Attesto.Keystore backed by application configuration.

Attesto.MTLS

RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.

Attesto.PKCE

RFC 7636 - Proof Key for Code Exchange (PKCE).

Attesto.Plug.Authenticate

Authenticate a protected-resource request: verify the access token and, for a DPoP-bound or mTLS-bound token, the sender-constraint proof.

Attesto.Plug.OAuthError

Render the RFC 6750 / RFC 9449 error responses for the Attesto plugs.

Attesto.Plug.RequireScopes

Authorize a request against the scopes on the verified token.

Attesto.PrincipalKind

One kind of subject a token can describe.

Attesto.RefreshStore

Storage seam for refresh tokens, with the atomic primitive that makes reuse detection possible.

Attesto.RefreshStore.ETS

Single-node ETS implementation of Attesto.RefreshStore.

Attesto.RefreshToken

Refresh-token issuance and rotation with reuse detection (RFC 6749 §6 / §10.4, OAuth 2.0 Security BCP).

Attesto.Revocation

RFC 7009 - OAuth 2.0 Token Revocation, for refresh tokens.

Attesto.Scope

Scope grant-form matching for OAuth-style <resource>.<action> scopes.

Attesto.Secret

Generate and hash the opaque secrets that back stateful grants.

Attesto.SecureCompare

Constant-time comparison of two binaries.

Attesto.Thumbprint

Canonical SHA-256 thumbprint shape, shared across the sender-constraint schemes.

Attesto.Token

Mint and verify RS256 JWT access tokens.