gazagnaire.org / ocaml-csrf
CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

ocaml-csrf / README.md
at main 1.0 kB view raw view code
Thomas Gazagnaire ocaml-csrf: fix README verify_state arity
37d20279

CSRF - CSRF protection using HMAC-signed state tokens#

CSRF protection using HMAC-signed state tokens with HKDF key derivation (RFC 5869) and constant-time signature verification. Provides sign_state and verify_state functions for secure OAuth state parameters.

Installation#

Install with opam:

$ opam install csrf

If opam cannot find the package, it may not yet be released in the public opam-repository. Add the overlay repository, then install it:

$ opam repo add samoht https://tangled.org/gazagnaire.org/opam-overlay.git
$ opam update
$ opam install csrf

Documentation#

Example#

Use a signed state value for OAuth redirects and verify the exact value when the browser returns:

let signed = Csrf.sign_state ~secret:"server secret" "oauth-login"

let () =
  match Csrf.verify_state ~secret:"server secret" signed with
  | Some payload -> assert (payload = "oauth-login")
  | None -> failwith "tampered state"