multipaz-openid4vci-server/org.multipaz.openid4vci.util/validateClientAttestation

validateClientAttestation

suspend fun validateClientAttestation(request: ApplicationRequest, clientId: String): EcPublicKey?

Ensures Oauth client attestation attached to the given HTTP request is valid.

See https://drafts.oauth.net/draft-ietf-oauth-attestation-based-client-auth/draft-ietf-oauth-attestation-based-client-auth.html

Return

attestation public key

Throws

request is syntactically incorrect

attestation or attestation proof-of-possession signature is not valid