Class: AtprotoAuth::DPoP::ProofGenerator

Inherits:
Object
Defined in:
lib/atproto_auth/dpop/proof_generator.rb

Overview

Creates and manages DPoP proof JWTs according to RFC 9449. DPoP proofs are used to prove possession of a key when making HTTP requests. Each proof is a JWT that includes details about the request and is signed by the DPoP key.

Defined Under Namespace

Classes: ProofError

Constructor Details

#initialize(key_manager) ⇒ ProofGenerator

Creates a new ProofGenerator instance

Parameters:

  • key_manager (KeyManager)

    Key manager to use for signing proofs

Raises:

  • (ProofError)

    if key_manager is missing or is not a KeyManager



# File 'lib/atproto_auth/dpop/proof_generator.rb', line 22

def initialize(key_manager)
  raise ProofError, "key_manager is required" unless key_manager
  raise ProofError, "invalid key_manager type" unless key_manager.is_a?(KeyManager)

  @key_manager = key_manager
end

Instance Attribute Details

#key_manager ⇒ KeyManager (readonly)

Returns the key manager used for signing proofs.

Returns:

  • (KeyManager)

    The key manager used for signing proofs



# File 'lib/atproto_auth/dpop/proof_generator.rb', line 17

def key_manager
  @key_manager
end

Instance Method Details

#generate(http_method:, http_uri:, nonce: nil, access_token: nil, ath: nil) ⇒ String

Generates a new DPoP proof JWT for an HTTP request

Parameters:

  • http_method (String)

    HTTP method (e.g. “POST”)

  • http_uri (String)

    Full HTTP URI for the request

  • nonce (String, nil) (defaults to: nil)

    Server-provided nonce (required if available)

  • access_token (String, nil) (defaults to: nil)

    Access token being used (if any)

  • ath (Boolean) (defaults to: nil)

    Whether to include access token hash (default: true if token provided)

Returns:

  • (String)

    The signed DPoP proof JWT

Raises:

  • (ProofError)

    if generation fails or parameters are invalid



# File 'lib/atproto_auth/dpop/proof_generator.rb', line 37

def generate(http_method:, http_uri:, nonce: nil, access_token: nil, ath: nil)
  validate_inputs!(http_method, http_uri)
  ath = !access_token.nil? if ath.nil?

  header = build_header
  payload = build_payload(
    http_method: http_method,
    http_uri: http_uri,
    nonce: nonce,
    access_token: access_token,
    include_ath: ath
  )

  key_manager.sign_segments(header, payload)
rescue StandardError => e
  raise ProofError, "Failed to generate proof: #{e.message}"
end
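
To show what a DPoP proof looks like on the wire, the following added example builds one as RFC 9449 defines it and checks its signature. It is not AtprotoAuth's implementation: it uses only Ruby's standard library, assumes an ES256 (P-256) key, and the helper names b64u, public_jwk, dpop_proof and decode_proof are hypothetical.

```ruby
require "openssl"
require "json"
require "base64"
require "securerandom"
require "uri"

# Added example (not AtprotoAuth code): RFC 9449 proof built with the standard library.
def b64u(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Public JWK for a P-256 key; the uncompressed point is 0x04 || X (32 bytes) || Y (32 bytes).
def public_jwk(key)
  point = key.public_key.to_octet_string(:uncompressed)
  { kty: "EC", crv: "P-256", x: b64u(point[1, 32]), y: b64u(point[33, 32]) }
end

def dpop_proof(key, http_method:, http_uri:, nonce: nil, access_token: nil)
  uri = URI.parse(http_uri)
  uri.query = uri.fragment = nil # htu carries the target URI without query or fragment
  header = { typ: "dpop+jwt", alg: "ES256", jwk: public_jwk(key) }
  payload = { jti: SecureRandom.uuid, htm: http_method, htu: uri.to_s, iat: Time.now.to_i }
  payload[:nonce] = nonce if nonce
  # ath binds the proof to one token: base64url(SHA-256(ASCII access token))
  payload[:ath] = b64u(OpenSSL::Digest::SHA256.digest(access_token)) if access_token
  signing_input = [header, payload].map { |part| b64u(JSON.generate(part)) }.join(".")
  # OpenSSL emits a DER SEQUENCE of two INTEGERs; JWS ES256 needs fixed-width R || S.
  der = key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  raw = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\x00") }.join
  "#{signing_input}.#{b64u(raw)}"
end

# Decodes a proof and checks its signature against a known key (re-wrapping R || S as DER).
# Returns [header, payload, signature_ok].
def decode_proof(jwt, key)
  h64, p64, s64 = jwt.split(".")
  ints = Base64.urlsafe_decode64(s64).unpack("a32a32").map do |b|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b, 2))
  end
  der = OpenSSL::ASN1::Sequence.new(ints).to_der
  ok = key.verify(OpenSSL::Digest.new("SHA256"), der, "#{h64}.#{p64}")
  [JSON.parse(Base64.urlsafe_decode64(h64)), JSON.parse(Base64.urlsafe_decode64(p64)), ok]
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::EC.generate("prime256v1") # constructed throwaway key
  jwt = dpop_proof(key, http_method: "POST", http_uri: "https://pds.example/xrpc/demo?cursor=1",
                        nonce: "constructed-nonce", access_token: "constructed-token")
  puts JSON.pretty_generate(decode_proof(jwt, key))
end
```

A resource server would take the verification key from the proof's own jwk header and compare its thumbprint with the one bound to the access token; decode_proof skips that step and verifies against a key it is handed.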