Function: getDPoPHandle()
August 29, 2025 ยท View on GitHub
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
โธ getDPoPHandle(config, keyPair, options?): DPoPHandle
Returns a wrapper / handle around a public/private key pair that is used for negotiating and proving proof-of-possession to sender-constrain OAuth 2.0 tokens via DPoP at the Authorization Server and Resource Server.
Support for DPoP at the authorization is indicated by
ServerMetadata.dpop_signing_alg_values_supported. Whether the
authorization server ends up sender-constraining the access token is at the
server's discretion. When an access token is sender-constrained then the
resulting
token\_type will be dpop.
This wrapper / handle also keeps track of server-issued nonces, allowing this module to automatically retry requests with a fresh nonce when the server indicates the need to use one.
Note
Public Clients that use DPoP will also get their Refresh Token
sender-constrained, this binding is not indicated in the response.
Parameters
| Parameter | Type | Description |
|---|---|---|
config | Configuration | - |
keyPair | CryptoKeyPair | CryptoKeyPair to sign the DPoP Proof JWT, randomDPoPKeyPair may be used to generate it |
options? | ModifyAssertionOptions | - |
Returns
See
RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP)