Attesto.CIBA.Grant (Attesto v1.1.0)

Copy Markdown View Source

The validated context a successfully redeemed CIBA authentication request yields (CIBA Core §10.1).

Attesto.CIBA.redeem/4 returns this once the request's state machine reaches an approved, unexpired, single-use redemption. The host reads it to mint the token response through the same issuance path as its other grants: subject and scope become the tokens' sub and scope, resource (RFC 8707) the aud, dpop_jkt (when present) the cnf.jkt, and acr / auth_time the ID Token's authentication-context claims (CIBA Core §10.1: the ID Token is issued as for a normal OIDC token response; FAPI-CIBA §5.2.2 requires acr when the client requested one).

Summary

Types

t()

@type t() :: %Attesto.CIBA.Grant{
  acr: String.t() | nil,
  auth_time: non_neg_integer() | nil,
  claims: map(),
  client_id: String.t(),
  dpop_jkt: String.t() | nil,
  resource: [String.t()],
  scope: [String.t()],
  subject: String.t()
}