- Generated by
1.9.8
|
cxxmcp 1.1.6
C++ MCP SDK
|
DPoP proof model and signing/verification boundaries. More...
#include <algorithm>#include <cctype>#include <chrono>#include <mutex>#include <optional>#include <string>#include <string_view>#include <unordered_map>#include <utility>#include "cxxmcp/auth/token.hpp"#include "cxxmcp/auth/types.hpp"#include "cxxmcp/core/result.hpp"Go to the source code of this file.
Classes | |
| class | mcp::auth::SecureString |
| Small owning string wrapper that zeroizes stored bytes on reset and destruction. More... | |
| struct | mcp::auth::DpopKey |
| Private key handle for DPoP proof generation. More... | |
| struct | mcp::auth::DpopProofRequest |
| Input for constructing a DPoP proof JWT. More... | |
| struct | mcp::auth::DpopProofClaims |
| Parsed or verified DPoP proof claims. More... | |
| class | mcp::auth::DpopReplayCache |
| Replay cache boundary used by DPoP proof validators. More... | |
| class | mcp::auth::InMemoryDpopReplayCache |
| Thread-safe in-memory replay cache for process-local DPoP validation. More... | |
| struct | mcp::auth::DpopClaimValidationOptions |
| Options for validating verified DPoP claims against an HTTP request. More... | |
| struct | mcp::auth::JwtVerificationRequest |
| Input for signature- and claims-verified JWT validation. More... | |
| struct | mcp::auth::VerifiedJwtClaims |
| Claims returned only after JWT signature and claim validation. More... | |
| class | mcp::auth::DpopSigner |
| DPoP proof construction boundary. More... | |
| struct | mcp::auth::DpopAuthorizationRequest |
| Input for authorizing an HTTP resource request with DPoP. More... | |
| struct | mcp::auth::DpopAuthorizationHeaders |
| Headers and proof produced for a DPoP-authorized request. More... | |
| class | mcp::auth::DpopVerifier |
| DPoP proof verification boundary for server-side auth providers. More... | |
| class | mcp::auth::JwtVerifier |
| JWT verification boundary for access tokens and client assertions. More... | |
Enumerations | |
| enum class | mcp::auth::JwtVerificationPurpose { kAccessToken , kIdToken , kClientAssertion , kDpopProof } |
| JWT verification purpose for OAuth/DPoP deployments. | |
Functions | |
| core::Error | mcp::auth::detail::dpop_error (std::string message, std::string detail={}) |
| std::string | mcp::auth::detail::uppercase_ascii (std::string_view value) |
| core::Result< core::Unit > | mcp::auth::validate_dpop_proof_claims (const DpopProofClaims &claims, const HttpRequestTarget &target, const std::optional< std::string > &access_token, const DpopClaimValidationOptions &options={}, DpopReplayCache *replay_cache=nullptr) |
| Validate DPoP claims after JWT signature verification. | |
| core::Result< DpopAuthorizationHeaders > | mcp::auth::build_dpop_proof_headers (DpopSigner &signer, DpopProofRequest request) |
Build only the DPoP proof header for an HTTP request. | |
| core::Result< DpopAuthorizationHeaders > | mcp::auth::build_dpop_authorization_headers (DpopSigner &signer, DpopAuthorizationRequest request) |
Build Authorization and DPoP headers for a resource request. | |
DPoP proof model and signing/verification boundaries.
|
inline |
Build only the DPoP proof header for an HTTP request.
The supplied signer owns JWS construction and cryptographic signing. This helper only validates required request-target fields and packages the returned proof into HTTP headers.
|
inline |
Validate DPoP claims after JWT signature verification.
This helper deliberately does not decode or verify JWT signatures. A real DPoP verifier should first validate the JWT cryptographically, then call this helper to enforce replay, clock skew, htm/htu, and ath binding rules.
1.9.8