Versions in this module Expand all Collapse all v0 v0.6.0 Apr 12, 2026 v0.5.0 Apr 6, 2026 v0.4.0 Mar 23, 2026 v0.3.0 Mar 15, 2026 v0.2.0 Mar 8, 2026 v0.1.0 Feb 28, 2026 Changes in this version
+ const AuthSchemeBearer
+ const AuthSchemeDPoP
+ const ContextKeyThumbprint
+ const ContextKeyVerificationResult
+ const DPoPTokenType
+ const HeaderAuthorization
+ const HeaderDPoP
+ var ErrInvalidKey = errors.New("invalid key")
+ var ErrInvalidProof = errors.New("invalid DPoP proof")
+ var ErrMethodMismatch = errors.New("HTTP method mismatch")
+ var ErrNonceMismatch = errors.New("nonce mismatch")
+ var ErrProofExpired = errors.New("DPoP proof expired")
+ var ErrTokenHashMismatch = errors.New("access token hash mismatch")
+ var ErrURIMismatch = errors.New("HTTP URI mismatch")
+ var ErrUnsupportedAlgorithm = errors.New("unsupported algorithm")
+ var ValidHTTPMethods = map[string]bool
+ func ComputeAccessTokenHash(accessToken string) string
+ func ComputeThumbprint(publicKey *ecdsa.PublicKey) (string, error)
+ func CreateProof(kp *KeyPair, method, uri string) (string, error)
+ func CreateProofWithOptions(kp *KeyPair, method, uri string, opts ProofOptions) (string, error)
+ func GetThumbprint(ctx context.Context) string
+ func IsValidHTTPMethod(method string) bool
+ func Middleware(config MiddlewareConfig) func(http.Handler) http.Handler
+ func OptionalDPoP(verifier *Verifier) func(http.Handler) http.Handler
+ func RequireDPoP(verifier *Verifier) func(http.Handler) http.Handler
+ func VerifyTokenBinding(tokenThumbprint string, proofThumbprint string) error
+ type JWK struct
+ Alg string
+ Crv string
+ Kty string
+ X string
+ Y string
+ func ToJWK(publicKey *ecdsa.PublicKey) (*JWK, error)
+ func (j *JWK) Thumbprint() (string, error)
+ func (j *JWK) ToPublicKey() (*ecdsa.PublicKey, error)
+ type KeyPair struct
+ PrivateKey *ecdsa.PrivateKey
+ Thumbprint string
+ func DeserializeKeyPair(s *SerializedKeyPair) (*KeyPair, error)
+ func DeserializeKeyPairJSON(data []byte) (*KeyPair, error)
+ func GenerateKeyPair() (*KeyPair, error)
+ func (kp *KeyPair) PublicKey() *ecdsa.PublicKey
+ func (kp *KeyPair) Serialize() (*SerializedKeyPair, error)
+ func (kp *KeyPair) SerializeJSON() ([]byte, error)
+ func (kp *KeyPair) Signer() crypto.Signer
+ type MiddlewareConfig struct
+ ExtractAccessToken func(r *http.Request) string
+ OnError func(w http.ResponseWriter, r *http.Request, err error)
+ RequireDPoP bool
+ Verifier *Verifier
+ type ParsedProof struct
+ Claims *ProofClaims
+ PublicKey *ecdsa.PublicKey
+ Thumbprint string
+ func ParseProof(proofString string) (*ParsedProof, error)
+ type ProofClaims struct
+ AccessTokenHash string
+ HTTPMethod string
+ HTTPURI string
+ Nonce string
+ func NewProofClaims(method, uri string, accessToken string) *ProofClaims
+ func (c *ProofClaims) WithAccessToken(accessToken string) *ProofClaims
+ func (c *ProofClaims) WithNonce(nonce string) *ProofClaims
+ type ProofHeader struct
+ Algorithm string
+ JWK *JWK
+ Type string
+ type ProofOptions struct
+ AccessToken string
+ Nonce string
+ type SerializedKeyPair struct
+ Curve string
+ PrivateKeyD string
+ PublicKeyX string
+ PublicKeyY string
+ Thumbprint string
+ type VerificationConfig struct
+ AllowedClockSkew time.Duration
+ MaxAge time.Duration
+ NonceValidator func(ctx context.Context, nonce string) error
+ RequireAccessTokenBinding bool
+ func DefaultVerificationConfig() VerificationConfig
+ type VerificationRequest struct
+ AccessToken string
+ ExpectedNonce string
+ Method string
+ Proof string
+ URI string
+ type VerificationResult struct
+ IssuedAt time.Time
+ JTI string
+ Thumbprint string
+ func GetVerificationResult(ctx context.Context) *VerificationResult
+ type Verifier struct
+ func NewVerifier(config VerificationConfig) *Verifier
+ func (v *Verifier) Verify(ctx context.Context, req VerificationRequest) (*VerificationResult, error)
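Review bot: None of the listed `VerificationConfig` fields (`AllowedClockSkew`, `MaxAge`, `NonceValidator`, `RequireAccessTokenBinding`) gives a hook for tracking `jti` values, while `VerificationResult` hands `JTI` back to the caller, so replay detection inside the acceptance window appears to be left to the application. Only signatures are visible on this page, so that is inferred; if it is the design, the doc comment on `Verify` should say so, for example `// Verify does not record jti values; callers must reject a JTI already seen within MaxAge plus AllowedClockSkew.` Separately, `SerializedKeyPair.PrivateKeyD` and `SerializeJSON` appear to carry the private scalar unencrypted, which deserves a field comment such as `// PrivateKeyD is unencrypted private key material; keep it in a secret store or encrypt it at rest.`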