Skip to content

Class swarmauri_pop_dpop.dpop.DPoPSigner

swarmauri_pop_dpop.dpop.DPoPSigner

DPoPSigner(
    *,
    private_key,
    public_jwk,
    algorithm,
    include_query=False,
)

Bases: PopSigningBase

Signer that emits dpop+jwt proofs.

Source code in swarmauri_pop_dpop/dpop.py
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
def __init__(
    self,
    *,
    private_key,
    public_jwk: Mapping[str, object],
    algorithm: str,
    include_query: bool = False,
) -> None:
    super().__init__(
        kind=PoPKind.JWT_DPoP, header_name="DPoP", include_query=include_query
    )
    self._private_key = private_key
    self._public_jwk = dict(public_jwk)
    self._algorithm = algorithm
    self._thumbprint = _compute_jwk_thumbprint(self._public_jwk)

cnf_binding

cnf_binding()
Source code in swarmauri_pop_dpop/dpop.py
189
190
def cnf_binding(self) -> CnfBinding:
    return CnfBinding(BindType.JKT, self._thumbprint)

sign_request

sign_request(
    method,
    url,
    *,
    kid=None,
    jti=None,
    ath_b64u=None,
    extra_claims=None,
)
Source code in swarmauri_pop_dpop/dpop.py
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
def sign_request(
    self,
    method: str,
    url: str,
    *,
    kid: Optional[bytes] = None,
    jti: Optional[str] = None,
    ath_b64u: Optional[str] = None,
    extra_claims: Mapping[str, object] | None = None,
) -> str:
    claims = self._base_claims(method, url, jti=jti, ath_b64u=ath_b64u)
    payload = self._merge_claims(claims, extra_claims)

    headers = {"typ": "dpop+jwt", "jwk": self._public_jwk}
    if kid is not None:
        headers["kid"] = (
            kid.decode("utf-8") if isinstance(kid, (bytes, bytearray)) else str(kid)
        )

    token = jwt.encode(
        payload, self._private_key, algorithm=self._algorithm, headers=headers
    )
    return token