Lockspire.Protocol.DPoP (lockspire v1.0.0)


DPoP proof decoding, verification, and proof-key thumbprint helpers.

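This module owns the protocol-sensitive JOSE work for DPoP proofs, so that later token and protected-resource flows can depend on a single validator. Going by the specs below, `decode/1` can fail only with `:invalid_jwt` and so appears to parse a proof without verifying its signature or claims; call `validate_proof/2` for any proof that has to be trusted. The `validate_reason()` list contains no reason for a replayed `jti`, an `ath` mismatch, or a server nonce, so those checks appear to be left to the caller.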

Summary

Types

t()

@type t() :: %Lockspire.Protocol.DPoP{
  claims: map(),
  header: map(),
  jkt: String.t() | nil,
  public_jwk: JOSE.JWK.t() | nil
}

validate_reason()

@type validate_reason() ::
  :invalid_jwt
  | :invalid_signature
  | :invalid_typ
  | :missing_jwk
  | :invalid_jwk
  | :invalid_claims_options
  | :missing_htm
  | :invalid_htm
  | :missing_htu
  | :invalid_htu
  | :missing_iat
  | :invalid_iat
  | :stale_iat
  | :future_iat
  | :missing_jti
  | :unsupported_signing_algorithm

Functions

access_token_ath(access_token)

@spec access_token_ath(String.t()) :: String.t()

decode(jwt)

@spec decode(String.t()) :: {:ok, t()} | {:error, :invalid_jwt}

signing_alg_values_supported()

@spec signing_alg_values_supported() :: [String.t()]

signing_alg_values_supported(profile)

@spec signing_alg_values_supported(struct() | :fapi_2_0_security | :none) :: [
  String.t()
]

thumbprint(jwk)

@spec thumbprint(JOSE.JWK.t() | map()) :: {:ok, String.t()} | {:error, :invalid_jwk}

validate_proof(jwt, opts \\ [])

@spec validate_proof(
  String.t(),
  keyword()
) :: {:ok, t()} | {:error, validate_reason()}