Lockspire.Security.Policy (lockspire v1.0.0)


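Shared security invariants for boot-time posture checks and for protocol/runtime checks. Going by the specs below, the `ensure_*` functions and `validate_key_compliance/2` report failure as a tagged `{:error, reason}` tuple that the caller must match on, whereas the `!` functions have no error return and presumably raise, following Elixir convention.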

Summary

Functions

ensure_signing_alg(alg)

@spec ensure_signing_alg(String.t() | atom() | nil) ::
  :ok | {:error, :invalid_signing_alg}

ensure_supported_response_type(response_type)

@spec ensure_supported_response_type(String.t() | nil) ::
  :ok | {:error, :unsupported_response_type}

ensure_supported_token_endpoint_auth_method(method)

@spec ensure_supported_token_endpoint_auth_method(atom() | nil) ::
  :ok | {:error, :unsupported_token_endpoint_auth_method}

fetch_required_config!(key, value)

@spec fetch_required_config!(atom(), term()) :: term()

hash_client_secret(secret)

@spec hash_client_secret(String.t()) :: String.t()

hash_token(secret)

@spec hash_token(String.t()) :: String.t()

validate_issuer_and_mount_path!(issuer, mount_path)

@spec validate_issuer_and_mount_path!(String.t(), String.t()) :: String.t()

validate_key_compliance(key, atom)

@spec validate_key_compliance(
  Lockspire.Domain.SigningKey.t(),
  :fapi_2_0_security | :none
) ::
  :ok | {:error, term()}

validate_signing_alg!(alg)

@spec validate_signing_alg!(String.t() | atom() | nil) :: :ok

verify_client_secret(arg1, client_secret)

@spec verify_client_secret(String.t(), String.t()) :: boolean()