Repository
Current version released
10 months ago
dpop
OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for JavaScript Runtimes
💗 Help the project
Dependencies: 0
API Reference
dpop is distributed via npmjs.com, jsdelivr.com, and github.com.
Example
ESM import[^cjs]
import * as DPoP from 'dpop'DPoP Key Pair generation
const keypair = await DPoP.generateKeyPair('ES256', { extractable: false })AS proof generation
let nonce!: string | undefined
const proof = await DPoP.generateProof(keypair, 'https://as.example.com/token', 'POST', nonce)AS proof generation
let nonce!: string | undefined
let accessToken!: string
const proof = await DPoP.generateProof(
keypair,
'https://rs.example.com/api',
'GET',
nonce,
accessToken,
)Supported Runtimes
The supported JavaScript runtimes include those that support the utilized Web API globals and standard built-in objects. These are (but are not limited to):
- Browsers
- Bun
- Cloudflare Workers
- Deno
- Electron
- Node.js[^nodejs]
- Vercel’s Edge Runtime
Supported Versions
| Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ |
|---|---|---|---|
| v2.x | Security Policy | ✅ | ✅ |
[^cjs]: CJS style let dpop = require('dpop') is possible in Node.js versions where the require(esm) feature is enabled by default (^20.19.0 || ^22.12.0 || >= 23.0.0).
[^nodejs]: Node.js v20.x as baseline is required