verify
fun verify(dpopJwt: String?, requestMethod: String, requestUri: String, accessTokenForAth: String? = null, skewToleranceSeconds: Long = 20): DpopVerifierService.VerificationResult?
Verify a DPoP proof and extract its key fingerprint and nonce.
In simple terms: check that the proof was really signed by the key in its header, that it refers to this exact HTTP request (method + URL), that it is fresh in time, and that its random id is unique. If an access token is provided, also check that the proof references that exact token (ath claim).
Return
VerificationResult with jkt (key fingerprint) and jti (one-time nonce) or null if invalid
Parameters
dpopJwt
the DPoP header value (compact JWS)
requestMethod
the HTTP method we expect (e.g., GET/POST)
requestUri
the absolute URL of this request
accessTokenForAth
optional access token string used to validate the 'ath' claim
skewToleranceSeconds
allowed clock drift for iat (default ~20s)
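Example (added here, not the library's own code): the request-binding, freshness, replay and ath checks described above, applied to an already-decoded proof payload whose signature is assumed to have been verified against the header key. ProofClaims, Check, checkClaims and the in-memory jti cache are hypothetical names for this sketch, and the symmetric iat window is an assumption about how the skew tolerance is applied; the ath computation follows RFC 9449.

```kotlin
import java.net.URI
import java.security.MessageDigest
import java.util.Base64
import java.util.concurrent.ConcurrentHashMap
import kotlin.math.abs

// Hypothetical types for this example; not the library's own.
data class ProofClaims(val htm: String, val htu: String, val iat: Long, val jti: String, val ath: String?)
enum class Check { OK, HTM_MISMATCH, HTU_MISMATCH, IAT_OUT_OF_RANGE, ATH_MISMATCH, JTI_REPLAYED }

// In-memory replay cache (jti -> iat). A deployment would expire entries and share them across nodes.
val seenJti = ConcurrentHashMap<String, Long>()

// ath = base64url(SHA-256(ASCII(access token))) without padding, per RFC 9449.
fun athOf(accessToken: String): String =
    Base64.getUrlEncoder().withoutPadding().encodeToString(
        MessageDigest.getInstance("SHA-256").digest(accessToken.toByteArray(Charsets.US_ASCII)))

// htu is compared with query and fragment removed; scheme and authority are case-insensitive.
fun sameTarget(htu: String, requestUri: String): Boolean = runCatching {
    val a = URI(htu.substringBefore('#').substringBefore('?')).normalize()
    val b = URI(requestUri.substringBefore('#').substringBefore('?')).normalize()
    a.scheme.equals(b.scheme, ignoreCase = true) &&
        a.rawAuthority.equals(b.rawAuthority, ignoreCase = true) && a.rawPath == b.rawPath
}.getOrDefault(false)

fun checkClaims(c: ProofClaims, method: String, uri: String, accessToken: String?,
                skew: Long = 20, now: Long = System.currentTimeMillis() / 1000): Check {
    if (c.htm != method) return Check.HTM_MISMATCH
    if (!sameTarget(c.htu, uri)) return Check.HTU_MISMATCH
    if (abs(now - c.iat) > skew) return Check.IAT_OUT_OF_RANGE
    if (accessToken != null) {
        // Constant-time comparison of the expected and presented hash strings.
        val expected = athOf(accessToken).toByteArray()
        if (!MessageDigest.isEqual(expected, (c.ath ?: "").toByteArray())) return Check.ATH_MISMATCH
    }
    // Record jti last so that rejected proofs cannot fill the cache.
    return if (seenJti.putIfAbsent(c.jti, c.iat) == null) Check.OK else Check.JTI_REPLAYED
}

fun main() {
    val token = "constructed-access-token" // constructed sample value
    val url = "https://api.example.com/orders" // constructed sample URL
    val now = 1_700_000_000L
    val proof = ProofClaims("POST", url, now - 5, "jti-1", athOf(token))
    println(checkClaims(proof, "POST", "$url?id=7", token, now = now)) // query string is ignored
    println(checkClaims(proof, "POST", url, token, now = now)) // same jti presented again
    println(checkClaims(proof.copy(jti = "jti-2"), "GET", url, token, now = now))
    println(checkClaims(proof.copy(jti = "jti-3", iat = now - 60), "POST", url, token, now = now))
    println(checkClaims(proof.copy(jti = "jti-4"), "POST", url, "other-token", now = now))
}
```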