gpop

gpop is a tiny Gleam helper for producing DPoP proofs with gleam_http requests. It uses Erlang’s public_key module under the hood to generate and sign ES256 keys, so you can bind proofs to requests and bearer tokens without leaving Gleam.

gleam add gpop@1

import gleam/http
import gleam/http/request
import gleam/option
import gpop

pub fn main() {
  let key = gpop.generate_key()

  // When getting a new DPoP token
  request.new()
  |> request.set_method(http.Post)
  |> request.set_host("auth-server.example")
  |> request.set_path("/token")
  |> gpop.with_proof(key:, nonce: option.None)


  // Later, when using the obtained access token:
  request.new()
  |> request.set_method(http.Get)
  |> request.set_host("resource-server.example")
  |> request.set_path("/some-resource")
  |> gpop.with_authorization(key:, access_token, nonce: option.Some(nonce))
}

Further documentation can be found at https://hexdocs.pm/gpop.

Development

gleam test  # Run the tests

The future

• Support more signing algorithms (Please open an issue)
• Verify DPoP tokens