Attesto.StepUp.Requirement (Attesto v0.13.0)

A normalized RFC 9470 step-up authentication requirement for a protected route.

Two independent dimensions, both optional but at least one required:

  • :acr_values - the set of Authentication Context Class References the presented token's acr claim must be one of (RFC 9470 §3 / OIDC Core §2). Empty means "no acr constraint".
  • :max_age - the maximum age, in seconds, of the end-user authentication event: the token's auth_time must be no older than now - max_age. nil means "no freshness constraint".

Types

t()

@type t() :: %Attesto.StepUp.Requirement{
  acr_values: [String.t()],
  max_age: non_neg_integer() | nil
}

Functions

parse(req)

@spec parse(t() | keyword()) :: t()

Build and validate a requirement from a %Requirement{} or a keyword list (acr_values: and/or max_age:).

Fail-closed at configuration time: a malformed :acr_values / :max_age, or a requirement that constrains neither dimension, raises ArgumentError so a misconfigured route is caught at boot rather than silently never challenging.
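
The two dimensions and the fail-closed validation described above, re-implemented as a stand-alone sketch. This is an added example, not Attesto's code: StepUpSketch, satisfied?/3, the string-keyed claims map and the exact validation rules are assumptions made for illustration.

```elixir
# Added sketch, not Attesto's source. StepUpSketch and satisfied?/3 are hypothetical names.
defmodule StepUpSketch do
  defstruct acr_values: [], max_age: nil

  # Fail closed at configuration time: anything malformed or empty raises.
  def parse(%__MODULE__{acr_values: acrs, max_age: max_age} = req) do
    cond do
      not (is_list(acrs) and Enum.all?(acrs, &is_binary/1)) ->
        raise ArgumentError, ":acr_values must be a list of strings"
      not (is_nil(max_age) or (is_integer(max_age) and max_age >= 0)) ->
        raise ArgumentError, ":max_age must be a non-negative integer or nil"
      acrs == [] and is_nil(max_age) ->
        raise ArgumentError, "requirement constrains neither :acr_values nor :max_age"
      true ->
        req
    end
  end

  def parse(opts) when is_list(opts), do: parse(struct!(__MODULE__, opts))

  # claims: decoded token claims with string keys; now: Unix time in seconds.
  def satisfied?(%__MODULE__{} = req, claims, now) do
    acr_ok?(req.acr_values, claims["acr"]) and
      fresh?(req.max_age, claims["auth_time"], now)
  end

  defp acr_ok?([], _acr), do: true
  defp acr_ok?(allowed, acr), do: is_binary(acr) and acr in allowed

  defp fresh?(nil, _auth_time, _now), do: true
  # A missing or non-integer auth_time cannot prove freshness, so it fails.
  defp fresh?(max_age, auth_time, now),
    do: is_integer(auth_time) and auth_time >= now - max_age
end

# Constructed sample values; each match raises MatchError if the result differs.
now = 1_700_000_000
mfa = "urn:example:acr:mfa"
req = StepUpSketch.parse(acr_values: [mfa], max_age: 300)
true = StepUpSketch.satisfied?(req, %{"acr" => mfa, "auth_time" => now - 60}, now)
false = StepUpSketch.satisfied?(req, %{"acr" => mfa, "auth_time" => now - 900}, now)
false = StepUpSketch.satisfied?(req, %{"acr" => "urn:example:acr:pwd", "auth_time" => now}, now)
false = StepUpSketch.satisfied?(req, %{"acr" => mfa}, now)

try do
  StepUpSketch.parse([])
rescue
  e in ArgumentError -> IO.puts("rejected at boot: " <> Exception.message(e))
end
```

A token that omits auth_time is treated as failing a :max_age requirement, since the absence of the claim cannot demonstrate a recent authentication event.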