validateProofBasics

fun validateProofBasics(dpopJwt: String?, requestMethod: String, requestUri: String, skewToleranceSeconds: Long = 10): Boolean

Perform basic structural validation of a DPoP proof without cryptographic checks.

This method checks only:

  • htm equals the provided HTTP method

  • htu, after normalization (scheme/host lowercased, default port removed), equals the provided URL

  • iat is within the allowed clock skew window

It does NOT verify the JWS signature or the optional 'ath' claim. Use a proper verifier in production.

Return

true if the structural checks pass; false otherwise

Parameters

dpopJwt: the compact DPoP JWT from the DPoP header

requestMethod: the HTTP method string to compare against the proof's htm

requestUri: the absolute URL to compare against the proof's htu

skewToleranceSeconds: allowed skew (seconds) for iat freshness check (default 10s)
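
The three checks listed above, sketched in Python as an added example (not this library's Kotlin implementation); the function names, the symmetric iat window and the as-is comparison of path and query are assumptions. The constructed sample carries a placeholder where the JWS signature would be and still passes, which is why a true result cannot stand in for proof verification.

```python
import base64, json, time
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_htu(url):
    # Lowercase scheme and host, drop the scheme's default port; path/query kept as-is (assumption).
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if not scheme or not host:
        raise ValueError("not an absolute URL")
    if ":" in host:  # urlsplit strips the brackets from IPv6 literals
        host = f"[{host}]"
    netloc = host if parts.port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{netloc}{parts.path}{query}"

def validate_proof_basics(dpop_jwt, request_method, request_uri,
                          skew_tolerance_seconds=10, now=None):
    # Structural checks only: the third segment (signature) is never inspected.
    if not dpop_jwt or dpop_jwt.count(".") != 2:
        return False
    payload = dpop_jwt.split(".")[1]
    try:
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        claims = json.loads(raw)
        htm, htu, iat = claims["htm"], claims["htu"], claims["iat"]
        same_url = normalize_htu(htu) == normalize_htu(request_uri)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed base64/JSON, missing claim, or non-absolute URL
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return False
    now = time.time() if now is None else now
    # Symmetric window around "now" (assumption about how the skew is applied).
    fresh = abs(now - iat) <= skew_tolerance_seconds
    return htm == request_method and same_url and fresh

def make_constructed_proof(claims):
    # Builds a sample proof with a placeholder instead of a real JWS signature.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'dpop+jwt', 'alg': 'ES256'})}.{enc(claims)}.placeholder"

NOW = 1_700_000_000  # constructed clock value
SAMPLE = make_constructed_proof(
    {"htm": "POST", "htu": "HTTPS://API.Example.com:443/token", "iat": NOW - 3})

if __name__ == "__main__":
    print(validate_proof_basics(SAMPLE, "POST", "https://api.example.com/token", now=NOW))
    print(validate_proof_basics(SAMPLE, "POST", "https://api.example.com/token", now=NOW + 60))
```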