@spec allowed() :: [alg()]

Algorithms Attesto can sign/verify when backed by a matching key.

@spec default_client_algs() :: [alg()]

Default set of algorithms accepted for signatures a client presents (client assertions and request objects).

Equal to fapi_algs/0: PS256, ES256, EdDSA. A host with a non-FAPI profile can widen this by passing an explicit :accepted_algs opt to the relevant verifier; the default keeps the FAPI 2 gate.

@spec fapi_algs() :: [alg()]

Signing algorithms permitted for FAPI 2 client authentication and request objects: PS256, ES256, EdDSA.

RS256 (RSASSA-PKCS1-v1_5) is deliberately excluded - FAPI 2 mandates PS256 for RSA keys. This is the policy gate for verifying a signature a client presents; it is narrower than allowed/0, which still admits RS256 for the provider's own token signing.

@spec for_key(module(), String.t(), keyword()) :: alg()

Resolve the algorithm for a key in keystore.

Resolution order:

• per-key metadata from key_algs/0, keyed by RFC 7638 kid
• signing_alg/0 for the current signing key only
• inference from the JWK type/curve

@spec hash_alg(alg()) :: :sha256 | :sha384 | :sha512

Return the digest algorithm used by an ID Token hash claim.

@spec hash_half_bytes(alg()) :: pos_integer()

Return the number of left-most bytes used for OIDC hash claims.

@spec infer(JOSE.JWK.t()) :: alg()

Infer the default algorithm from a parsed JWK's public members.

@spec validate!(term()) :: alg()

Validate that alg is one of Attesto's supported asymmetric JOSE algorithms.