Skip to content
/ DPoP Public

A client and server implementation of DPoP over GRPC.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ConductorOne/DPoP

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
docs
docs
 
 
integrations
integrations
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

DPoP (Demonstrating Proof of Possession)

This is a Go implementation of the OAuth 2.0 Demonstrating Proof of Possession (DPoP) specification.

Core Features

  • RFC 9449 compliant DPoP proof generation and validation
  • JTI-based replay attack prevention with configurable time windows
  • Built-in integrations:
    • net/http client and server middleware
    • gRPC interceptors
    • Gin framework middleware
    • Redis-backed JTI-replay prevention storage
  • Ed25519 and RSA signing key support
  • Context propagation throughout the API
  • No external dependencies in core package
  • Comprehensive test coverage

Project Structure

Core Package

  • pkg/dpop Go Reference
    • Core DPoP implementation including proof generation and validation
    • Implements the core RFC 9449 functionality

Framework Integrations

  • integrations/dpop_http - Standard net/http client and server implementations
  • integrations/dpop_grpc - gRPC client and server interceptors
  • integrations/dpop_gin - Gin framework middleware
  • integrations/jti_store_redis - Redis-based proof storage and validation

Usage Examples

Basic DPoP Proof Generation

import (
    "crypto/ed25519"
    "github.com/conductorone/dpop/pkg/dpop"
)

// Generate or load your private key
_, privateKey, _ := ed25519.GenerateKey(nil)

// Create a new proofer
proofer, err := dpop.NewProofer(privateKey)
if err != nil {
    // Handle error
}

// Generate a DPoP proof
proof, err := proofer.CreateProof(ctx, "POST", "https://api.example.com/token")

HTTP Client Integration

import (
    "crypto/ed25519"
    "github.com/conductorone/dpop/integrations/dpop_http"
)

// Generate or load your private key
_, privateKey, _ := ed25519.GenerateKey(nil)

// Create a DPoP-enabled HTTP transport
transport, err := dpop_http.NewTransport(
    http.DefaultTransport,
    privateKey,
    tokenSource, // your oauth2.TokenSource
)
if err != nil {
    // Handle error
}

// Create a client with the transport
client := &http.Client{Transport: transport}

// DPoP proofs are automatically attached to requests
resp, err := client.Get("https://api.example.com/resource")

gRPC Integration

import (
    "crypto/ed25519"
    "github.com/conductorone/dpop/integrations/dpop_grpc"
)

// Generate or load your private key
_, privateKey, _ := ed25519.GenerateKey(nil)

// Create and use a DPoP interceptor
interceptor, err := dpop_grpc.NewClientInterceptor(privateKey)
if err != nil {
    // Handle error
}

conn, err := grpc.Dial(
    address,
    grpc.WithUnaryInterceptor(interceptor.UnaryClientInterceptor()),
)

Security

If you discover a security issue, please report it by sending an email to security@conductorone.com. Please do not file a public issue or pull request.

We appreciate your help in making this project more secure and will acknowledge your contributions.

License

This project is licensed under the Apache License, Version 2.0. See the LICENSE file for details.

About

A client and server implementation of DPoP over GRPC.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 6

v0.1.3 Latest
Feb 24, 2025
+ 5 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages