server/src/jose_wrapper.gleam at main · slices.network/quickslice

slices.network / quickslice

fork atom

Auto-indexing service and GraphQL API for AT Protocol Records quickslice.slices.network/

atproto gleam graphql

fork atom

quickslice / server / src / jose_wrapper.gleam

at main 58 lines 1.9 kB view raw

wrap content

chadtmiller.com initial commit 4mo ago

43c083d5

 1/// Gleam wrapper for JOSE (JSON Object Signing and Encryption) library
 2/// Provides functions for DPoP proof generation using Erlang's jose library
 3import gleam/option.{type Option}
 4
 5/// Generate a DPoP proof JWT token with optional nonce
 6///
 7/// Creates a signed JWT token for DPoP (Demonstrating Proof-of-Possession) authentication.
 8/// The token includes:
 9/// - jti: Unique nonce for this proof
10/// - htm: HTTP method (GET, POST, etc.)
11/// - htu: HTTP URI being accessed
12/// - iat: Timestamp when proof was created
13/// - ath: Base64url-encoded SHA-256 hash of the access token
14/// - nonce: Optional DPoP nonce from server (if provided)
15///
16/// # Arguments
17/// * `method` - HTTP method (e.g., "POST", "GET")
18/// * `url` - Full URL being accessed
19/// * `access_token` - OAuth access token
20/// * `jwk_json` - JSON Web Key as a JSON string
21/// * `nonce` - Optional nonce from server's DPoP-Nonce header
22///
23/// # Returns
24/// * `Ok(String)` - The DPoP proof token (compact JWT format)
25/// * `Error(String)` - Error message if generation fails
26pub fn generate_dpop_proof_with_nonce(
27  method: String,
28  url: String,
29  access_token: String,
30  jwk_json: String,
31  nonce: Option(String),
32) -> Result(String, String) {
33  case nonce {
34    option.Some(n) ->
35      generate_dpop_proof_internal(method, url, access_token, jwk_json, n)
36    option.None ->
37      generate_dpop_proof_internal(method, url, access_token, jwk_json, "")
38  }
39}
40
41@external(erlang, "jose_ffi", "generate_dpop_proof")
42fn generate_dpop_proof_internal(
43  method: String,
44  url: String,
45  access_token: String,
46  jwk_json: String,
47  nonce: String,
48) -> Result(String, String)
49
50/// Hash a string using SHA-256
51///
52/// # Arguments
53/// * `data` - The string to hash
54///
55/// # Returns
56/// Base64-encoded SHA-256 hash
57@external(erlang, "jose_ffi", "sha256_hash")
58pub fn sha256_hash(data: String) -> String