DpopVerifierService

@Service
class DpopVerifierService(@Value(value = "${security.auth.dpop.allowed-algs:ES256}") allowedAlgos: String)

Cryptographic DPoP verifier using Auth0 JWT library + JCA keys built from the embedded JWK.

  • Verifies the JWS signature against the public key in header.jwk

  • Validates htm/htu canonicalization and the iat skew window

  • Optionally validates 'ath' claim if an access token is provided

  • Computes the RFC 7638 JWK thumbprint (jkt)

NOTE: This implementation supports RSA (RS256) and EC (ES256/384/512) algorithms.
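
The derived values named in the list above (jkt, ath, and a comparable htu), as an added example using only the JDK; this is not the service's own code. The function names `jwkThumbprint`, `athFor` and `normalizeHtu` are hypothetical, the htu normalization shown is one assumed reading of "canonicalization", and the key and token values are constructed.

```kotlin
import java.net.URI
import java.security.MessageDigest
import java.util.Base64

// Base64url without padding, as used throughout JOSE.
private fun b64url(bytes: ByteArray): String =
    Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)

private fun sha256(text: String): ByteArray =
    MessageDigest.getInstance("SHA-256").digest(text.toByteArray(Charsets.UTF_8))

// RFC 7638: hash a JSON object holding only the required members of the key,
// in lexicographic order, with no whitespace. Extra members ("use", "kid") are ignored.
fun jwkThumbprint(jwk: Map<String, String>): String {
    val required = when (jwk["kty"]) {
        "EC" -> listOf("crv", "kty", "x", "y")
        "RSA" -> listOf("e", "kty", "n")
        else -> throw IllegalArgumentException("unsupported kty: ${jwk["kty"]}")
    }
    val canonical = required.joinToString(",", "{", "}") { name ->
        val value = jwk[name] ?: throw IllegalArgumentException("missing JWK member: $name")
        "\"$name\":\"$value\"" // values are base64url or short names, so no JSON escaping is needed
    }
    return b64url(sha256(canonical))
}

// RFC 9449: ath is the base64url SHA-256 hash of the ASCII access token value.
fun athFor(accessToken: String): String = b64url(sha256(accessToken))

// RFC 9449: htu excludes query and fragment. Assumed normalization for comparison:
// lower-case scheme and host, drop default ports, resolve dot segments.
fun normalizeHtu(uri: String): String {
    val u = URI(uri).normalize()
    val scheme = u.scheme?.lowercase() ?: throw IllegalArgumentException("htu must be absolute")
    val host = u.host?.lowercase() ?: throw IllegalArgumentException("htu must have a host")
    val isDefault = (scheme == "https" && u.port == 443) || (scheme == "http" && u.port == 80)
    val port = if (u.port == -1 || isDefault) "" else ":${u.port}"
    val path = if (u.rawPath.isNullOrEmpty()) "/" else u.rawPath
    return "$scheme://$host$port$path"
}

fun main() {
    // Constructed sample values, not a real key or token.
    val jwk = mapOf("kty" to "EC", "crv" to "P-256", "x" to "constructed-x", "y" to "constructed-y")
    println("jkt = ${jwkThumbprint(jwk)}")
    println("same jkt with extra member: ${jwkThumbprint(jwk + ("use" to "sig")) == jwkThumbprint(jwk)}")
    println("ath = ${athFor("constructed-access-token")}")
    println(normalizeHtu("HTTPS://API.example.com:443/orders?id=1#top") == normalizeHtu("https://api.example.com/orders"))
}
```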

Constructors

constructor(@Value(value = "${security.auth.dpop.allowed-algs:ES256}") allowedAlgos: String)

Types

object Companion
data class VerificationResult(val jwkThumbprint: String, val jwtId: String?)

Functions

fun isValidProof(dpopProof: String?): Boolean
fun verify(dpopJwt: String?, requestMethod: String, requestUri: String, accessTokenForAth: String? = null, skewToleranceSeconds: Long = 20): DpopVerifierService.VerificationResult?

Verify a DPoP proof and extract its key fingerprint and nonce.