Stateless DPoP-Nonce issuance & verification using HMAC-SHA256.
Nonce format (binary, then base64url(no-pad)):
version(1) || ts_be(8) || rand(16) || mac(16)

mac = HMAC-SHA256(secret, version || ts || rand || ctx_bytes)[..16]

ctx_bytes = concatenation of tagged optional fields:
- b"HTU\0" + htu + b"\0" (if provided)
- b"HTM\0" + htm + b"\0" (if provided)
- b"JKT\0" + jkt + b"\0" (if provided)
Structs
- NonceCtx - Optional binding context (only fields you want to bind).
Traits
- IntoSecretBox - Helper trait to convert various secret types into SecretBox<[u8]>. This allows functions to accept both SecretBox<[u8]> and non-boxed types like &[u8] or Vec<u8>.
Functions
- issue_nonce - Issue a fresh nonce bound to the given context.
- verify_nonce - Verify a nonce with age & skew limits, re-binding to the given context. On success returns Ok(()); on failure returns a DpopError (NonceMismatch/NonceStale/FutureSkew).
- verify_nonce_with_any - Verify against multiple secrets (e.g., key rotation: current, previous).
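The nonce layout and checks described on this page, worked through as an added Python example (an independent sketch, not this crate's code), including verification against several secrets for rotation. Assumptions not stated on the page: the timestamp is Unix seconds, the version byte is 1, context fields are appended in the order listed, and the `max_age`/`max_skew` defaults; the returned strings only mirror the DpopError names above.

```python
import base64, hashlib, hmac, os, struct, time

VERSION = 1  # assumed value; the page gives only the field width (1 byte)

def ctx_bytes(htu=None, htm=None, jkt=None):
    # Tagged, NUL-terminated optional fields; order assumed to match the page's listing.
    out = b""
    for tag, val in ((b"HTU", htu), (b"HTM", htm), (b"JKT", jkt)):
        if val is not None:
            out += tag + b"\0" + val.encode() + b"\0"
    return out

def mac16(secret, head, ctx):
    # HMAC-SHA256 over version || ts || rand || ctx_bytes, truncated to 16 bytes.
    return hmac.new(secret, head + ctx, hashlib.sha256).digest()[:16]

def issue(secret, now=None, **ctx):
    ts = int(time.time() if now is None else now)  # assumed unit: seconds
    head = bytes([VERSION]) + struct.pack(">Q", ts) + os.urandom(16)
    raw = head + mac16(secret, head, ctx_bytes(**ctx))
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify(nonce, secrets, max_age=300, max_skew=5, now=None, **ctx):
    """Return None on success, otherwise the name of the failure."""
    now = int(time.time() if now is None else now)
    try:
        raw = base64.urlsafe_b64decode(nonce + "=" * (-len(nonce) % 4))
    except (ValueError, TypeError):
        return "NonceMismatch"
    if len(raw) != 41 or raw[0] != VERSION:  # 1 + 8 + 16 + 16 bytes
        return "NonceMismatch"
    head, mac = raw[:25], raw[25:]
    cb = ctx_bytes(**ctx)
    # Authenticate before trusting the timestamp; compare in constant time.
    # Trying each secret in turn covers rotation (current, previous).
    if not any(hmac.compare_digest(mac16(s, head, cb), mac) for s in secrets):
        return "NonceMismatch"
    ts = struct.unpack(">Q", head[1:9])[0]
    if ts > now + max_skew:
        return "FutureSkew"
    if now - ts > max_age:
        return "NonceStale"
    return None
```

Because the context is only an input to the MAC and is not carried in the nonce, the verifier must supply exactly the same set of fields that was bound at issuance; dropping or adding one fails as a mismatch.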