# `Attesto.DPoP.NonceStore`
[🔗](https://github.com/XukuLLC/attesto/blob/v0.13.0/lib/attesto/dpop/nonce_store.ex#L1)

Storage seam for server-issued DPoP nonces (RFC 9449 §8).

A server that wants to bound a DPoP proof's lifetime issues an opaque,
time-limited nonce, returns it in a `DPoP-Nonce` response header, and
requires the client to echo it in the next proof's `nonce` claim. This
behaviour is where those nonces live: `issue/1` mints one, `valid?/1`
reports whether a presented nonce is still live.

`Attesto.DPoP.NonceStore.ETS` is a ready single-node implementation whose
`validate/1` plugs straight into `Attesto.DPoP.verify_proof/2`'s
`:nonce_check`. A multi-node deployment implements this over a shared
store (the nonce a client received from one node must be honoured on
another).

# `issue`

```elixir
@callback issue(ttl_seconds :: pos_integer()) :: String.t()
```

Mint and store a fresh nonce valid for `ttl_seconds`, returning the
opaque nonce string to put in a `DPoP-Nonce` header.

# `valid?`

```elixir
@callback valid?(nonce :: String.t()) :: boolean()
```

Returns true iff `nonce` was issued by this store and has not expired.

---

*Consult [api-reference.md](api-reference.md) for complete listing*