oidc-provider
Version:
OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect
11 lines (8 loc) • 375 B
JavaScript
import * as jose from 'jose';
import { InvalidGrant } from './errors.js';
export async function checkAttestBinding(ctx, model) {
const { cnf: { jwk } } = jose.decodeJwt(ctx.get('oauth-client-attestation'));
if (model.attestationJkt !== await jose.calculateJwkThumbprint(jwk)) {
throw new InvalidGrant('oauth-client-attestation instance public key mismatch');
}
}