Skip to content

Latest commit

 

History

History
31 lines (25 loc) · 1.63 KB

File metadata and controls

31 lines (25 loc) · 1.63 KB

Configuring the DPoP Proof Verifier

This library provides the DPoPProofVerifier. Its only mandatory dependencies are a PSR-20 compliant clock and an implementation of this libraries DPoPProofTokenLoaderInterface.

See the Token Loader docs to see what implementations are available or how to create your own.

It also has optional dependencies to support the DPoP-Nonce header and to detect replay attacks.

Please see the Replay Attack and Nonce Factory docs for more information.

use danielburger1337\OAuth2\DPoP\DPoPProofVerifier;
use danielburger1337\OAuth2\DPoP\Exception\MissingDPoPProofException;
use danielburger1337\OAuth2\DPoP\NonceFactory\TotpNonceFactory;
use danielburger1337\OAuth2\DPoP\ReplayAttack\CacheReplayAttackDetector;

$verifier = new DPoPProofVerifier(
    // Required: PSR-20 implementation
    new Clock(),
    // Required: DPoPTokenLoaderInterface implementation
    new WebTokenFrameworkDPoPProofTokenLoader(...),
    // Optional: NonceFactoryInterface implementation or null to disable
    new TotpNonceFactory(...),
    // Optional: ReplayAttackDetectorInterface implementation or null to disable
    new CacheReplayAttackDetector(...),
    // Optional: Allowed time drift of the "iat" claim (not every client has a perfectly synchronized clock)
    5,
    // Optional: Maximum age in seconds of the presented DPoP proof
    30
);