Lockspire.Protocol.RegistrationManagement
(lockspire v1.0.0)
Copy Markdown
RFC 7592 dynamic client registration management — Plug.Conn-free orchestrator.
Public entries:
read/2— return current RFC 7591 metadata for the RAT-bound client.update/2— full-replace via the same validator pipeline asRegistration.register/1;on success rotates the RAT and returns the new plaintext exactly once.delete/2— soft-disable via the publicLockspire.Admin.Clients.disable_client/2.
All three functions accept (client_id_from_url, %Domain.Client{} ...) where client is the
row matched by Repository.get_client_by_registration_access_token_hash/1. URL/RAT mismatches
ALWAYS collapse to {:error, :invalid_token} — the discriminator stays in telemetry only,
defending against client-id enumeration (D-19).
Summary
Types
@type update_request() :: %{ metadata: map(), server_policy: Lockspire.Domain.ServerPolicy.t(), client: Lockspire.Domain.Client.t() }
Functions
@spec delete(String.t(), Lockspire.Domain.Client.t()) :: :ok | {:error, :invalid_token | term()}
@spec read(String.t(), Lockspire.Domain.Client.t()) :: {:ok, Lockspire.Domain.Client.t()} | {:error, :invalid_token}
@spec rotate_registration_access_token(Lockspire.Domain.Client.t()) :: {:ok, String.t(), Lockspire.Domain.Client.t()} | {:error, term()}
@spec update(String.t(), update_request()) :: {:ok, struct()} | {:error, struct()} | {:error, :invalid_token}