1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
diff --git a/examples/code.ts b/examples/dpop.tsindex 98576c1..aa2cb90 100644--- a/examples/code.ts+++ b/examples/dpop.ts@@ -1,5 +1,9 @@ import * as oauth from '../src/index.js' +// in order to take full advantage of DPoP you shall generate a random private key for every session+// in the browser environment you shall use IndexedDB to persist the generated CryptoKeyPair+const DPoP = await oauth.generateKeyPair('ES256')+ const issuer = new URL('https://example.as.com') const as = await oauth   .discoveryRequest(issuer)@@ -54,6 +58,7 @@ let access_token: string     params,     redirect_uri,     code_verifier,+    { DPoP },   )    let challenges: oauth.WWWAuthenticateChallenge[] | undefined@@ -67,6 +72,9 @@ let access_token: string   const result = await oauth.processAuthorizationCodeOpenIDResponse(as, client, response)   if (oauth.isOAuth2Error(result)) {     console.log('error', result)+    if (result.error === 'use_dpop_nonce') {+      // the AS-signalled nonce is now cached, you should retry+    }     throw new Error() // Handle OAuth 2.0 response body error   } @@ -79,12 +87,15 @@ let access_token: string  // fetch userinfo response {-  const response = await oauth.userInfoRequest(as, client, access_token)+  const response = await oauth.userInfoRequest(as, client, access_token, { DPoP })    let challenges: oauth.WWWAuthenticateChallenge[] | undefined   if ((challenges = oauth.parseWwwAuthenticateChallenges(response))) {     for (const challenge of challenges) {       console.log('challenge', challenge)+      if (challenge.scheme === 'dpop' && challenge.parameters.error === 'use_dpop_nonce') {+        // the AS-signalled nonce is now cached, you should retry+      }     }     throw new Error() // Handle www-authenticate challenges as needed   }