Header menu logo FSharp.ATProto

TokenSigner Module

Namespace: FSharp.ATProto.OAuthServer
Assembly: FSharp.ATProto.OAuthServer.dll

Access token JWT creation and signing.

Functions and values

Function or value Description

createAccessToken config sub clientId scope dpopJkt issuedAt

Full Usage: createAccessToken config sub clientId scope dpopJkt issuedAt

Parameters:
Returns: string

Create a signed access token JWT (at+jwt). Returns a compact JWS string (header.payload.signature).

config : OAuthServerConfig
sub : Did
clientId : string
scope : string
dpopJkt : string
issuedAt : DateTimeOffset
Returns: string

createRefreshToken ()

Full Usage: createRefreshToken ()

Parameters:
    () : unit

Returns: string

Generate an opaque refresh token (cryptographically random string).

() : unit
Returns: string

createSigningKey ()

Full Usage: createSigningKey ()

Parameters:
    () : unit

Returns: ECDsa

Create a new ES256 (P-256) key pair for server signing.

() : unit
Returns: ECDsa

exportJwks key

Full Usage: exportJwks key

Parameters:
Returns: string

Export public key as JWKS (JWK Set): {"keys":[]}.

key : ECDsa
Returns: string

exportPublicJwk key

Full Usage: exportPublicJwk key

Parameters:
Returns: string

Export the public key of an ECDsa key pair as a JWK JSON string. Includes kty, crv, x, y, kid (JWK thumbprint), use, and alg fields.

key : ECDsa
Returns: string

makeSigningFunction key data

Full Usage: makeSigningFunction key data

Parameters:
    key : ECDsa
    data : byte[]

Returns: byte[]

Create a signing function from an ECDsa key. Signs data with SHA-256 and returns the signature bytes.

key : ECDsa
data : byte[]
Returns: byte[]

parseAccessTokenKid jwt

Full Usage: parseAccessTokenKid jwt

Parameters:
    jwt : string

Returns: string option

Extract the kid from an access token JWT header without verifying signature. Returns None if the token is malformed or the kid field is missing.

jwt : string
Returns: string option

Type something to start searching.