Crate ppoppo_token 

Modules

access_token

RFC 9068 access-token profile.

id_token

OpenID Connect Core 1.0 id_token profile.

Structs

Jwk

A single JWK entry. Pinned to the OKP/Ed25519/EdDSA shape — other kty values (EC, RSA, oct) deserialize but ed25519_bytes() returns None so the engine never accidentally accepts a non-Ed25519 key.

Jwks

JSON Web Key Set — collection of trusted public keys per RFC 7517 §5.

KeySet

SigningKey

Enums

Algorithm

JwksError

JWKS-side errors surfaced to consumers of into_key_set.

SharedAuthError

Constants

DEFAULT_ISSUER

SV_CACHE_TTL

TTL for the sv:{ppnum_id} cache entry shared between PAS (writer) and PCS / external SDK consumers (readers). Bounds the post-break-glass staleness window when the writer cannot preemptively invalidate.

Functions

ed25519_public_from_pem

Derive the 32-byte Ed25519 public key from a PKCS8-encoded private PEM. Used by PAS at boot to populate /.well-known/jwks.json from the same key material that produces issuance signatures, so issuer and publisher cannot drift.

sv_cache_key

Build the shared cache key for a given Human ppnum’s session_version.