Lockspire.Protocol.RequestObject (lockspire v1.0.0)

Orchestrates JAR (RFC 9101) request-object consumption for /authorize and /par.

Composes Lockspire.Protocol.Jar.{decode/1, verify_signature/2, validate_claims/2} into a single pipeline step that:

  1. Rejects outer-param conflicts (D-04) and request / request_uri collisions (D-06).
  2. Asserts the client has inline jwks registered (D-08).
  3. Decodes, verifies the signature, and validates the request JWT claims with the configured :max_age ceiling (D-13).
  4. Projects JAR claims into the same flat-params shape pushed_request_to_params/1 produces in Lockspire.Protocol.AuthorizationRequest, so validate_with_client/3 runs unchanged.
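The order of the steps above, as an added sketch that is not Lockspire's own code and calls none of its functions. The module name, error atoms, the conflict rule, the reading of the :max_age ceiling, and the sample values are all assumptions; signature verification is taken as already done.

```elixir
defmodule JarPipelineSketch do
  # Hypothetical sketch: runs the checks in the documented order on claims that are
  # already decoded. Signature verification (step 3) is assumed to have passed.
  @jwt_only ~w(iss aud exp iat nbf jti)

  def run(outer, claims, now, max_age) do
    with :ok <- check_collision(outer),
         :ok <- check_conflicts(outer, claims),
         :ok <- check_age(claims, now, max_age) do
      {:ok, project(claims)}
    end
  end

  # request and request_uri must not arrive together.
  defp check_collision(%{"request" => _, "request_uri" => _}), do: {:error, :request_and_request_uri}
  defp check_collision(_outer), do: :ok

  # Assumed rule: an outer parameter may repeat a claim but must not contradict it.
  defp check_conflicts(outer, claims) do
    clash = fn {k, v} -> Map.has_key?(claims, k) and flat(claims[k]) != v end
    case outer |> Map.delete("request") |> Enum.find(clash) do
      nil -> :ok
      {key, _} -> {:error, {:outer_param_conflict, key}}
    end
  end

  # Assumed rule: iat and exp are required and exp - iat may not exceed max_age.
  defp check_age(%{"iat" => iat, "exp" => exp}, now, max_age)
       when is_integer(iat) and is_integer(exp) do
    cond do
      exp <= now -> {:error, :expired}
      iat > now -> {:error, :issued_in_future}
      exp - iat > max_age -> {:error, :lifetime_exceeds_max_age}
      true -> :ok
    end
  end
  defp check_age(_claims, _now, _max_age), do: {:error, :missing_iat_or_exp}

  # Drop JWT bookkeeping claims; integers become strings, other values pass through.
  defp project(claims), do: claims |> Map.drop(@jwt_only) |> Map.new(fn {k, v} -> {k, flat(v)} end)
  defp flat(v) when is_integer(v), do: Integer.to_string(v)
  defp flat(v), do: v
end

# Constructed sample values, not taken from the Lockspire documentation.
claims = %{"iss" => "client-1", "client_id" => "client-1", "scope" => "openid", "iat" => 1_000, "exp" => 1_060}
outer = %{"client_id" => "client-1", "request" => "<compact JWS>"}
IO.inspect(JarPipelineSketch.run(outer, claims, 1_030, 300))
IO.inspect(JarPipelineSketch.run(Map.put(outer, "scope", "openid admin"), claims, 1_030, 300))
```

The first call passes every check and returns the projected params; the second stops at the conflict check because the outer scope contradicts the signed claim.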

Out of scope (v1.4)

  • JAR-by-reference (request_uri pointing to an external JWT URL)
  • JAR decryption (RFC 9101 §6 nested JWE)
  • jwks_uri HTTP fetch
  • JAR substituting as client authentication at /par
  • JTI replay cache

Summary

Types

result()

@type result() ::
  {:ok, map()}
  | {:browser_error, Lockspire.Protocol.AuthorizationRequest.Error.t()}
  | {:redirect_error, Lockspire.Protocol.AuthorizationRequest.Error.t()}

Functions

consume(params, client, opts \\ [])

@spec consume(map(), Lockspire.Domain.Client.t(), keyword()) :: result()