CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)
## CSRF - CSRF protection using HMAC-signed state tokens

CSRF protection using HMAC-signed state tokens with HKDF key derivation (RFC 5869) and constant-time signature verification. Provides `sign_state` and `verify_state` functions for secure OAuth state parameters.

## Installation

Install with opam:

<!-- $MDX skip -->
```sh
$ opam install csrf
```

If opam cannot find the package, it may not yet be released in the public
`opam-repository`. Add the overlay repository, then install it:

<!-- $MDX skip -->
```sh
$ opam repo add samoht https://tangled.org/gazagnaire.org/opam-overlay.git
$ opam update
$ opam install csrf
```

## Documentation

## Example

Use a signed state value for OAuth redirects and verify the exact value
when the browser returns:

```ocaml
(* Sign the payload with a key derived from the server secret. *)
let signed = Csrf.sign_state ~secret:"server secret" "oauth-login"

(* On the callback, verify the returned state; None means the
   signature did not match, i.e. the value was altered or forged. *)
let () =
  match Csrf.verify_state ~secret:"server secret" signed with
  | Some payload -> assert (payload = "oauth-login")
  | None -> failwith "tampered state"
```
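The scheme the README describes (HKDF-derived signing key, HMAC tag over the payload, constant-time comparison on verify) is shown below as a stand-alone Python reimplementation. This is an added example and not the `csrf` library's own code: the `payload.tag` base64url token layout, the `csrf-state-v1` salt, the `state-signing-key` info string and the 32-byte key length are assumptions chosen here, not the library's wire format. It shows what `verify_state` must reject: a token signed under a different secret, a token whose payload was swapped while keeping the original tag, and input that is not a token at all.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional

# Assumed domain-separation constants (not the csrf library's values).
HKDF_SALT = b"csrf-state-v1"
HKDF_INFO = b"state-signing-key"
KEY_LEN = 32


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF per RFC 5869 with HMAC-SHA256: extract, then expand to `length` bytes."""
    if not salt:
        salt = b"\x00" * hashlib.sha256().digest_size
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(secret: str) -> bytes:
    """Never use the raw server secret as the MAC key; derive a purpose-bound key."""
    return hkdf_sha256(secret.encode("utf-8"), HKDF_SALT, HKDF_INFO)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    # validate=True makes stray characters an error instead of silently dropping them.
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def sign_state(secret: str, payload: str) -> str:
    """Return an assumed `base64url(payload).base64url(tag)` token."""
    body = payload.encode("utf-8")
    tag = hmac.new(derive_key(secret), body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(tag)}"


def verify_state(secret: str, token: str) -> Optional[str]:
    """Return the payload if the tag verifies, otherwise None.

    Malformed input, a wrong secret and an altered payload all yield None;
    the caller treats None as a tampered or forged state value.
    """
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(derive_key(secret), body, hashlib.sha256).digest()
    # compare_digest runs in constant time and returns False on length mismatch.
    if not hmac.compare_digest(expected, tag):
        return None
    return body.decode("utf-8")


if __name__ == "__main__":
    signed = sign_state("server secret", "oauth-login")
    assert verify_state("server secret", signed) == "oauth-login"
    assert verify_state("other secret", signed) is None
    forged = _b64(b"oauth-admin") + "." + signed.split(".", 1)[1]
    assert verify_state("server secret", forged) is None
    assert verify_state("server secret", "not-a-token") is None
    print("ok")
```

As in the README's OCaml example, the application still has to compare the verified payload against the exact value it issued for that login attempt; the signature only proves the token was minted by this server, not that it belongs to the current browser session.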