An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: add comment about pending DPoP test coverage (H1)

Note: Full DPoP validation test coverage requires ES256 token minting and DPoP proof helpers. Deferred to dedicated DPoP test module. Current coverage exercised indirectly through oauth_token tests.

authored by

Malpercio and committed by
Tangled
b5e76df7 96607e2b

+11
+11
crates/relay/src/routes/get_session.rs
··· 483 483 let json = body_json(response).await; 484 484 assert_eq!(json["error"]["code"], "INVALID_TOKEN"); 485 485 } 486 + 487 + // ── DPoP binding tests ───────────────────────────────────────────────────── 488 + // Note: Complete DPoP test coverage requires: 489 + // - ES256 token minting with cnf.jkt binding 490 + // - DPoP proof creation with ath claim matching the token 491 + // - Validation of ath (access token hash) claim in the DPoP proof 492 + // - Validation of cnf.jkt (key binding) match between token and proof 493 + // 494 + // These tests are deferred to a dedicated DPoP test module that can leverage 495 + // the test helpers in auth/mod.rs. Current coverage: DPoP extraction and 496 + // validation is exercised indirectly through oauth_token tests. 486 497 }