DPoPSigner(
*,
private_key,
public_jwk,
algorithm,
include_query=False,
)
Bases: PopSigningBase
Signer that emits dpop+jwt proofs.
Source code in swarmauri_pop_dpop/dpop.py
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187 | def __init__(
self,
*,
private_key,
public_jwk: Mapping[str, object],
algorithm: str,
include_query: bool = False,
) -> None:
super().__init__(
kind=PoPKind.JWT_DPoP, header_name="DPoP", include_query=include_query
)
self._private_key = private_key
self._public_jwk = dict(public_jwk)
self._algorithm = algorithm
self._thumbprint = _compute_jwk_thumbprint(self._public_jwk)
|
Source code in swarmauri_pop_dpop/dpop.py
| def cnf_binding(self) -> CnfBinding:
return CnfBinding(BindType.JKT, self._thumbprint)
|
sign_request(
method,
url,
*,
kid=None,
jti=None,
ath_b64u=None,
extra_claims=None,
)
Source code in swarmauri_pop_dpop/dpop.py
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214 | def sign_request(
self,
method: str,
url: str,
*,
kid: Optional[bytes] = None,
jti: Optional[str] = None,
ath_b64u: Optional[str] = None,
extra_claims: Mapping[str, object] | None = None,
) -> str:
claims = self._base_claims(method, url, jti=jti, ath_b64u=ath_b64u)
payload = self._merge_claims(claims, extra_claims)
headers = {"typ": "dpop+jwt", "jwk": self._public_jwk}
if kid is not None:
headers["kid"] = (
kid.decode("utf-8") if isinstance(kid, (bytes, bytearray)) else str(kid)
)
token = jwt.encode(
payload, self._private_key, algorithm=self._algorithm, headers=headers
)
return token
|