MPP.Verifier (mpp v0.6.0)

Copy Markdown View Source

Transport-neutral payment credential verification.

Implements the full MPP verification pipeline — HMAC challenge binding, realm match, expiration check, request match, and method-specific verification — without any HTTP or transport dependency.

MPP.Plug delegates to this module for HTTP transport. MPP.Mcp and the client SDK (Phase 12) can use it directly for JSON-RPC and other transports.

Usage

opts = [
  secret_key: "hmac-secret",
  realm: "api.example.com",
  method: MyApp.Payments.Stripe,
  charge: charge,
  method_config: %{"stripe_secret_key" => "sk_..."}
]

case MPP.Verifier.verify(credential, opts) do
  {:ok, receipt} -> # payment verified
  {:error, %MPP.Errors{} = error} -> # verification failed
end

Options

  • :secret_key — (required) HMAC-SHA256 key for challenge verification
  • :realm — (required) expected server protection space
  • :method — (required) module implementing MPP.Method
  • :charge — (required) MPP.Intents.Charge.t() for this endpoint
  • :method_config — (optional) server-only config map, default %{}

API Functions

FunctionArityDescriptionParam Kinds
verify2Verify a payment credential against endpoint configuration. Transport-neutral.credential: value, opts: value

Summary

Functions

Verify a payment credential against endpoint configuration. Transport-neutral.

Functions

verify(credential, opts)

@spec verify(
  MPP.Credential.t(),
  keyword()
) :: {:ok, MPP.Receipt.t()} | {:error, MPP.Errors.t()}

Verify a payment credential against endpoint configuration. Transport-neutral.

Parameters

  • credential - Parsed MPP credential with echoed challenge and payment payload (value)
  • opts - Keyword list: :secret_key (HMAC key), :realm, :method (module), :charge (Charge.t()), :method_config (optional map) (value)

Returns

{:ok, receipt} on success, {:error, %Errors{}} on failure (tagged_tuple)

Errors

  • :invalid_challenge
  • :intent_mismatch
  • :method_mismatch
  • :payment_expired
  • :request_mismatch
  • :verification_failed
# descripex:contract
%{
  params: %{
    opts: %{
      description: "Keyword list: :secret_key (HMAC key), :realm, :method (module), :charge (Charge.t()), :method_config (optional map)",
      kind: :value
    },
    credential: %{
      description: "Parsed MPP credential with echoed challenge and payment payload",
      kind: :value
    }
  },
  errors: [:invalid_challenge, :intent_mismatch, :method_mismatch,
   :payment_expired, :request_mismatch, :verification_failed],
  returns: %{
    type: :tagged_tuple,
    description: "`{:ok, receipt}` on success, `{:error, %Errors{}}` on failure"
  }
}