FSharp.ATProto

DPoPValidator Module

Server-side DPoP (Demonstration of Proof-of-Possession) proof validation. Validates JWT proofs per RFC 9449, ensuring the client possesses the private key corresponding to the public key in the proof header.

Functions and values

Function or value Description

parseAndVerifyProof dpopHeader httpMethod httpUrl replayStore expectedAccessTokenHash expectedNonce now maxAge

Full Usage: parseAndVerifyProof dpopHeader httpMethod httpUrl replayStore expectedAccessTokenHash expectedNonce now maxAge

Parameters:
    dpopHeader : string
    httpMethod : string
    httpUrl : string
    replayStore : IReplayStore
    expectedAccessTokenHash : string option
    expectedNonce : string option
    now : DateTimeOffset
    maxAge : TimeSpan

Returns: Task<Result<string, OAuthServerError>>

Parse and verify a DPoP proof JWT. Returns Ok(jwkThumbprint) on success, or Error with a descriptive OAuthServerError.

Parameters:
- dpopHeader: The DPoP JWT string from the DPoP HTTP header
- httpMethod: The HTTP method of the request (e.g., "POST")
- httpUrl: The HTTP URL of the request
- replayStore: Store for replay detection of jti values
- expectedAccessTokenHash: If present, the ath claim must match
- expectedNonce: If present, the nonce claim must match
- now: Current time for freshness checks
- maxAge: Maximum acceptable age for the proof
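How a resource server might call this function and then bind the result to the access token, as an added example (not code from FSharp.ATProto). It assumes expectedAccessTokenHash takes the RFC 9449 ath encoding and that the returned thumbprint is comparable to the token's cnf.jkt; validateBoundRequest, BoundRequestError, ProofVerifier and the 60-second window are hypothetical, and the validator is passed in as verifyProof so the block compiles on its own.

```fsharp
open System
open System.Security.Cryptography
open System.Text
open System.Threading.Tasks

// Shape of parseAndVerifyProof as documented above; 'store stands in for IReplayStore.
type ProofVerifier<'store, 'e> =
    string -> string -> string -> 'store -> string option -> string option -> DateTimeOffset -> TimeSpan -> Task<Result<string, 'e>>

// Hypothetical error type for this example; not part of FSharp.ATProto.
type BoundRequestError<'e> =
    | ProofRejected of 'e   // the validator returned Error
    | KeyMismatch           // proof key is not the key the token was issued to

// base64url without padding, the encoding JWT claim values use.
let base64Url (bytes: byte[]) =
    Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')

// RFC 9449 ath value: base64url(SHA-256(ASCII(access token))).
let accessTokenHash (accessToken: string) =
    base64Url (SHA256.HashData(Encoding.ASCII.GetBytes(accessToken)))

// tokenJkt: the cnf.jkt value taken from the already-validated access token.
// issuedNonce: the DPoP-Nonce this server last handed to the client, if any.
let validateBoundRequest (verifyProof: ProofVerifier<'store, 'e>) (replayStore: 'store)
                         (dpopHeader: string) (httpMethod: string) (httpUrl: string)
                         (accessToken: string) (tokenJkt: string)
                         (issuedNonce: string option) (now: DateTimeOffset) =
    task {
        let maxAge = TimeSpan.FromSeconds(60.0) // sample freshness window (assumption)
        // Requiring ath ties the proof to this exact access token.
        let ath = Some (accessTokenHash accessToken)
        let! result =
            verifyProof dpopHeader httpMethod httpUrl replayStore ath issuedNonce now maxAge
        match result with
        | Error e -> return Error (ProofRejected e)
        // A valid proof is not enough: its key must be the one the token is bound to.
        | Ok jkt when String.Equals(jkt, tokenJkt, StringComparison.Ordinal) -> return Ok jkt
        | Ok _ -> return Error KeyMismatch
    }
```

Pass DPoPValidator.parseAndVerifyProof as verifyProof, along with the same replay store instance for every request so that a reused jti is seen.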

