Versions in this module Expand all Collapse all v0 v0.2.0 Mar 8, 2026 v0.1.0 Feb 28, 2026 Changes in this version
+ const AuthSchemeBearer
+ const AuthSchemeDPoP
+ const ContextKeyThumbprint
+ const ContextKeyVerificationResult
+ const DPoPTokenType
+ const HeaderAuthorization
+ const HeaderDPoP
+ var ErrInvalidKey = errors.New("invalid key")
+ var ErrInvalidProof = errors.New("invalid DPoP proof")
+ var ErrMethodMismatch = errors.New("HTTP method mismatch")
+ var ErrNonceMismatch = errors.New("nonce mismatch")
+ var ErrProofExpired = errors.New("DPoP proof expired")
+ var ErrTokenHashMismatch = errors.New("access token hash mismatch")
+ var ErrURIMismatch = errors.New("HTTP URI mismatch")
+ var ErrUnsupportedAlgorithm = errors.New("unsupported algorithm")
+ var ValidHTTPMethods = map[string]bool
+ func ComputeAccessTokenHash(accessToken string) string
+ func ComputeThumbprint(publicKey *ecdsa.PublicKey) (string, error)
+ func CreateProof(kp *KeyPair, method, uri string) (string, error)
+ func CreateProofWithOptions(kp *KeyPair, method, uri string, opts ProofOptions) (string, error)
+ func GetThumbprint(ctx context.Context) string
+ func IsValidHTTPMethod(method string) bool
+ func Middleware(config MiddlewareConfig) func(http.Handler) http.Handler
+ func OptionalDPoP(verifier *Verifier) func(http.Handler) http.Handler
+ func RequireDPoP(verifier *Verifier) func(http.Handler) http.Handler
+ func VerifyTokenBinding(tokenThumbprint string, proofThumbprint string) error
+ type JWK struct
+ Alg string
+ Crv string
+ Kty string
+ X string
+ Y string
+ func ToJWK(publicKey *ecdsa.PublicKey) (*JWK, error)
+ func (j *JWK) Thumbprint() (string, error)
+ func (j *JWK) ToPublicKey() (*ecdsa.PublicKey, error)
+ type KeyPair struct
+ PrivateKey *ecdsa.PrivateKey
+ Thumbprint string
+ func DeserializeKeyPair(s *SerializedKeyPair) (*KeyPair, error)
+ func DeserializeKeyPairJSON(data []byte) (*KeyPair, error)
+ func GenerateKeyPair() (*KeyPair, error)
+ func (kp *KeyPair) PublicKey() *ecdsa.PublicKey
+ func (kp *KeyPair) Serialize() (*SerializedKeyPair, error)
+ func (kp *KeyPair) SerializeJSON() ([]byte, error)
+ func (kp *KeyPair) Signer() crypto.Signer
+ type MiddlewareConfig struct
+ ExtractAccessToken func(r *http.Request) string
+ OnError func(w http.ResponseWriter, r *http.Request, err error)
+ RequireDPoP bool
+ Verifier *Verifier
+ type ParsedProof struct
+ Claims *ProofClaims
+ PublicKey *ecdsa.PublicKey
+ Thumbprint string
+ func ParseProof(proofString string) (*ParsedProof, error)
+ type ProofClaims struct
+ AccessTokenHash string
+ HTTPMethod string
+ HTTPURI string
+ Nonce string
+ func NewProofClaims(method, uri string, accessToken string) *ProofClaims
+ func (c *ProofClaims) WithAccessToken(accessToken string) *ProofClaims
+ func (c *ProofClaims) WithNonce(nonce string) *ProofClaims
+ type ProofHeader struct
+ Algorithm string
+ JWK *JWK
+ Type string
+ type ProofOptions struct
+ AccessToken string
+ Nonce string
+ type SerializedKeyPair struct
+ Curve string
+ PrivateKeyD string
+ PublicKeyX string
+ PublicKeyY string
+ Thumbprint string
+ type VerificationConfig struct
+ AllowedClockSkew time.Duration
+ MaxAge time.Duration
+ NonceValidator func(ctx context.Context, nonce string) error
+ RequireAccessTokenBinding bool
+ func DefaultVerificationConfig() VerificationConfig
+ type VerificationRequest struct
+ AccessToken string
+ ExpectedNonce string
+ Method string
+ Proof string
+ URI string
+ type VerificationResult struct
+ IssuedAt time.Time
+ JTI string
+ Thumbprint string
+ func GetVerificationResult(ctx context.Context) *VerificationResult
+ type Verifier struct
+ func NewVerifier(config VerificationConfig) *Verifier
+ func (v *Verifier) Verify(ctx context.Context, req VerificationRequest) (*VerificationResult, error)
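Review bot: Nothing in the listed `VerificationConfig` lets a caller reject a `jti` that has already been seen: its only caller-supplied check is `NonceValidator`, while `VerificationResult` merely hands the `JTI` back. Going by the signatures alone, a proof that passes once would pass again for the same method and URI until it ages out under `MaxAge` and `AllowedClockSkew`, unless the caller keeps its own record of seen values. Only signatures are visible on this page, so `Verify` may track this internally; if it does not, its doc comment should say so, for example `// Verify does not track jti values; callers must reject a repeated VerificationResult.JTI within MaxAge.` Separately, `SerializedKeyPair` has a `PrivateKeyD string` field, so the comments on `Serialize` and `SerializeJSON` should state that the output contains the private key and must be stored as a secret.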