dpop

v0.0.0-...-55f89e3 Latest

This package is not in the latest version of its module.

Published: Dec 16, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

README

authlib/dpop

OAuth 2.0 Demonstrating Proof of Possession (DPoP) implementation for Go.

Overview

This package implements RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession at the Application Layer (DPoP). DPoP provides a mechanism to bind tokens to a particular client instance by proving possession of a private key.

Installation

go get github.com/matoous/authlib/dpop

Example

package main

import (
    "fmt"
    "log"
    "net/http"

    "github.com/matoous/authlib/dpop"
)

func main() {
    // Generate a key pair for DPoP
    keypair, err := dpop.GenerateKeyPair(dpop.ES256)
    if err != nil {
        log.Fatalf("failed to generate key pair: %v", err)
    }

    // Generate a DPoP proof for a request
    proof, err := keypair.GenerateProof(
        "https://api.example.com/resource", // HTU (HTTP URI)
        http.MethodGet,                     // HTM (HTTP method)
        "",                                 // nonce (if required by server)
        "your-access-token",                // access token
        nil,                                // additional claims
    )
    if err != nil {
        log.Fatalf("generate DPoP proof: %v", err)
    }

    // Use the proof in an HTTP request
    req, err := http.NewRequest(http.MethodGet, "https://api.example.com/resource", nil)
    if err != nil {
        log.Fatalf("build request: %v", err)
    }
    req.Header.Set("Authorization", "DPoP your-access-token")
    req.Header.Set("DPoP", proof)

    fmt.Printf("DPoP header: %s\n", proof)
}
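
RFC 9449 has the receiving server compare the htm, htu, nonce, iat and ath claims of a proof with the request it arrived on. The following is an added example, not code from this package: a standard-library check of those claims on the server side, where checkClaims, ath and samplePayload are hypothetical names and the proof's header and signature are assumed to be verified already.

```go
package main

// Added example: checkClaims, ath and samplePayload are hypothetical names, not authlib/dpop API.
import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// ath returns base64url(SHA-256(token)), the value RFC 9449 defines for the "ath" claim.
func ath(token string) string {
	sum := sha256.Sum256([]byte(token))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// checkClaims validates the decoded payload of a proof whose header and JWS signature were
// ALREADY verified. uri has no query or fragment; nonce is "" when the server issued none.
func checkClaims(payload []byte, method, uri, nonce, token string, now time.Time) error {
	var c struct { // encoding/json matches the lowercase claim names case-insensitively
		HTM, HTU, Nonce, Ath, JTI string
		Iat                       int64
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("malformed payload: %w", err)
	}
	switch age := now.Sub(time.Unix(c.Iat, 0)); {
	case c.HTM != method || c.HTU != uri:
		return fmt.Errorf("proof was issued for %q %q, not this request", c.HTM, c.HTU)
	case c.JTI == "" || age > time.Minute || age < -time.Minute: // assumed window; jti replay cache not shown
		return fmt.Errorf("missing jti or iat outside the acceptance window (%v)", age)
	case nonce != "" && c.Nonce != nonce:
		return fmt.Errorf("nonce is not the one this server issued")
	case c.Ath != ath(token):
		return fmt.Errorf("ath does not match the presented access token")
	}
	return nil
}

// samplePayload builds a constructed proof payload for the demo; the jti is a placeholder.
func samplePayload(method, uri, token string, iat int64) []byte {
	return []byte(fmt.Sprintf(`{"jti":"c1","htm":%q,"htu":%q,"iat":%d,"ath":%q}`, method, uri, iat, ath(token)))
}

func main() { // a proof made for GET, replayed on a POST to the same URI, is rejected
	p := samplePayload("GET", "https://api.example.com/resource", "tok", time.Now().Unix())
	fmt.Println(checkClaims(p, "POST", "https://api.example.com/resource", "", "tok", time.Now()))
}
```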

Documentation

For complete documentation, see the Go package documentation.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DeleteKeyPair

func DeleteKeyPair(username string) error

DeleteKeyPair removes the key pair from the system keyring.

Types

type Algorithm

type Algorithm string

Algorithm represents supported JWS algorithms for DPoP.

const (
	ES256 Algorithm = "ES256"
	RS256 Algorithm = "RS256"
	PS256 Algorithm = "PS256"
)

type KeyPair

type KeyPair struct {
	PrivateKey crypto.PrivateKey
	PublicKey  crypto.PublicKey
	Algorithm  Algorithm
}

KeyPair represents a DPoP key pair.

func Bootstrap

func Bootstrap(username string, alg Algorithm) (*KeyPair, error)

Bootstrap retrieves or generates a DPoP key pair for the given username.

func GenerateKeyPair

func GenerateKeyPair(alg Algorithm) (*KeyPair, error)

GenerateKeyPair generates a new key pair for the specified algorithm.

func LoadKeyPair

func LoadKeyPair(username string) (*KeyPair, error)

LoadKeyPair loads the key pair from the system keyring.

func (*KeyPair) CalculateThumbprint

func (keypair *KeyPair) CalculateThumbprint() (string, error)

CalculateThumbprint calculates the JWK thumbprint for dpop_jkt.

func (*KeyPair) GenerateProof

func (keypair *KeyPair) GenerateProof(
	htu string,
	htm string,
	nonce string,
	accessToken string,
	additional map[string]any,
) (string, error)

GenerateProof generates a DPoP proof JWT.

func (*KeyPair) PublicJWK

func (keypair *KeyPair) PublicJWK() (map[string]any, error)

PublicJWK exports the public component of the key pair as a JWK map.

func (*KeyPair) Save

func (keypair *KeyPair) Save(username string) error

Save saves the key pair to the system keyring.
