Module dpop

DPoP (Demonstration of Proof-of-Possession) implementation for AT Protocol OAuth.

This module provides functionality for creating and managing DPoP tokens as specified in RFC 9449. DPoP is a security extension to OAuth 2.0 that allows clients to prove possession of cryptographic keys by including a DPoP proof in HTTP requests.

Key features:

  • DPoP token generation for authorization and resource requests
  • Automatic retry middleware for handling DPoP nonce challenges
  • Support for ES256 signature algorithm with elliptic curve keys

Structs

DpopRetry
Retry middleware for handling DPoP nonce challenges in HTTP requests.
DpopValidationConfig
Configuration for DPoP JWT validation.

Functions

auth_dpop
Creates a DPoP proof token for OAuth authorization requests.
extract_jwk_thumbprint
Extracts the JWK thumbprint from a DPoP JWT.
is_dpop_error
Parses the value of the “WWW-Authenticate” header and returns true if the inner “error” field is either “invalid_dpop_proof” or “use_dpop_nonce”.
request_dpop
Creates a DPoP proof token for OAuth resource requests.
validate_dpop_jwt
Validates a DPoP JWT and returns the JWK thumbprint if validation succeeds.
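
The header check that the is_dpop_error description outlines, written out as an added example (not the crate's own code; `auth_params`, `dpop_error` and `is_dpop_challenge_error` are hypothetical names). It assumes a single `DPoP` challenge per header value, and it parses quoted strings so that a comma or the text `error=` inside `error_description` is not mistaken for the error field.

```rust
// Added illustration, not the crate's source; all function names here are hypothetical.

/// Splits `name="value", name2=token` auth-params, honouring quotes and backslash escapes.
fn auth_params(s: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let mut chars = s.chars().peekable();
    loop {
        while chars.next_if(|c| c.is_whitespace() || *c == ',').is_some() {}
        let mut name = String::new();
        while let Some(c) = chars.next_if(|c| *c != '=') {
            name.push(c);
        }
        if chars.next() != Some('=') {
            return out; // end of input, or a trailing token without '='
        }
        let mut value = String::new();
        if chars.next_if_eq(&'"').is_some() {
            while let Some(c) = chars.next() {
                match c {
                    '\\' => value.extend(chars.next()),
                    '"' => break,
                    _ => value.push(c),
                }
            }
        } else {
            while let Some(c) = chars.next_if(|c| *c != ',' && !c.is_whitespace()) {
                value.push(c);
            }
        }
        out.push((name.trim().to_string(), value));
    }
}

/// Returns the `error` auth-param of a `DPoP` challenge (assumption: one challenge per value).
fn dpop_error(header: &str) -> Option<String> {
    let (scheme, params) = header.trim().split_once(char::is_whitespace)?;
    let params = scheme.eq_ignore_ascii_case("DPoP").then(|| auth_params(params))?;
    params.into_iter().find(|(n, _)| n.eq_ignore_ascii_case("error")).map(|(_, v)| v)
}

/// True when the error is one of the two DPoP-specific values named above.
fn is_dpop_challenge_error(header: &str) -> bool {
    matches!(dpop_error(header).as_deref(), Some("invalid_dpop_proof" | "use_dpop_nonce"))
}

fn main() {
    let h = r#"DPoP error="use_dpop_nonce", error_description="nonce, please""#; // constructed
    println!("{:?} -> {}", dpop_error(h), is_dpop_challenge_error(h));
}
```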