CLASS

Dpop

Contents

Properties
- jwkThumbprint
Methods
- isEqual(_:)
- encode(to:)
- init(from:)
- createProof(httpMethod:url:)
- createProof(httpMethod:url:nonce:accessToken:)
- getHeaderValue(httpMethod:url:)
- getHeaderValue(httpMethod:url:nonce:accessToken:)

@objcMembers public class Dpop: NSObject, Codable

The Dpop class represents the context used for the Demonstrating Proof of Possession protocol used for authenticating requests that prove ownership of a private key

Properties

jwkThumbprint

public var jwkThumbprint: String

The JWK Thumbprint of the DPoP public key.

Note: if it is not possible to load the thumbprint from the currently held key, an empty string is returned.

Methods

isEqual(_:)

override public func isEqual(_ object: Any?) -> Bool

encode(to:)

public func encode(to encoder: Encoder) throws

Parameters

Name	Description
encoder	The encoder to write data to.

init(from:)

public required init(from decoder: Decoder) throws

Parameters

Name	Description
decoder	The decoder to read data from.

createProof(httpMethod:url:)

Create a DPoP proof token (a signed JWT) for the provided HTTP-method and URL. To sign the JWT, the cryptographic key of the Dpop context is used. This method can only be used when running Curity Identity Server versions below 7.1 which use legacy DPoP Proof configuration or when client is explicitly configured to use legacy DPoP Proof.

Parameter httpMethod: the HTTP method of the request to authenticate
Parameter url: the URL of the request to authenticate
Returns: a string containing the compact serialization of a signed JWT that can be used as DPoP Proof Token for the request of url by httpMethod
Throws: CryptoError when an error occurred with performing cryptographic operations

createProof(httpMethod:url:nonce:accessToken:)

public func createProof(httpMethod: String,
                        url: URL,
                        nonce: String? = nil,
                        accessToken: String? = nil) throws -> String

Create a DPoP proof token (a signed JWT) for the provided HTTP-method and URL. To sign the JWT, the cryptographic key of the Dpop context is used.

Parameter httpMethod: the HTTP method of the request to authenticate
Parameter url: the URL of the request to authenticate
Parameter nonce: the current DPoP nonce held
Parameter accessToken: the current held access token
Returns: a string containing the compact serialization of a signed JWT that can be used as DPoP Proof Token for the request of url by httpMethod
Throws: CryptoError when an error occurred with performing cryptographic operations
Note: When running Curity Identity Server versions below 7.1 which use legacy DPoP Proof configuration or when client is explicitly configured to use legacy DPoP Proof, omit parameters nonce and accessToken.

Parameters

Name	Description
httpMethod	the HTTP method of the request to authenticate
url	the URL of the request to authenticate
nonce	the current DPoP nonce held
accessToken	the current held access token

getHeaderValue(httpMethod:url:)

Calculate the DPoP request header value that can be used to authenticate a request of url by httpMethod. This method can only be used if running Curity Identity Server versions below 7.1 which use legacy DPoP Proof configuration or when client is explicitly configured to use legacy DPoP Proof.

Parameter httpMethod: the HTTP method of the request to authenticate
Parameter url: the URL of the request to authenticate
Returns a String with the header value
Throws: CryptoError exception when the DPoP proof token could not be generated due to a cryptograhic error

getHeaderValue(httpMethod:url:nonce:accessToken:)

public func getHeaderValue(httpMethod: String,
                           url: URL,
                           nonce: String? = nil,
                           accessToken: String? = nil) throws -> String

Calculate the DPoP request header value that can be used to authenticate a request of url by httpMethod.

Parameter httpMethod: the HTTP method of the request to authenticate
Parameter url: the URL of the request to authenticate
Parameter nonce: the current DPoP nonce held
Parameter accessToken: the current held access token
Returns a String with the header value
Throws: CryptoError exception when the DPoP proof token could not be generated due to a cryptograhic error
Note: When running Curity Identity Server versions below 7.1 which use legacy DPoP Proof configuration or when client is explicitly configured to use legacy DPoP Proof, omit parameters nonce and accessToken.

Parameters

Name	Description
httpMethod	the HTTP method of the request to authenticate
url	the URL of the request to authenticate
nonce	the current DPoP nonce held
accessToken	the current held access token