Function: getDPoPHandle()

August 29, 2025 ยท View on GitHub

๐Ÿ’— Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.


โ–ธ getDPoPHandle(config, keyPair, options?): DPoPHandle

Returns a wrapper / handle around a public/private key pair that is used for negotiating and proving proof-of-possession to sender-constrain OAuth 2.0 tokens via DPoP at the Authorization Server and Resource Server.

Support for DPoP at the authorization is indicated by ServerMetadata.dpop_signing_alg_values_supported. Whether the authorization server ends up sender-constraining the access token is at the server's discretion. When an access token is sender-constrained then the resulting token\_type will be dpop.

This wrapper / handle also keeps track of server-issued nonces, allowing this module to automatically retry requests with a fresh nonce when the server indicates the need to use one.

Note


Public Clients that use DPoP will also get their Refresh Token sender-constrained, this binding is not indicated in the response.

Parameters

ParameterTypeDescription
configConfiguration-
keyPairCryptoKeyPairCryptoKeyPair to sign the DPoP Proof JWT, randomDPoPKeyPair may be used to generate it
options?ModifyAssertionOptions-

Returns

DPoPHandle

See

RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP)