NeilMadden/DPoP.java

## DPoP.java
        // Shared context of the request:
        String accessToken = "an_access_token";
        String origin = "https://api.example.com:443";
        JweHeader header = new JweHeader();
        header.setAgreementPartyUInfo(Base64url.encode(accessToken));
        header.setAgreementPartyVInfo(Base64url.encode(origin));

        // Server - generate challenge
        OkpJWK ephemeral = OkpJWK.generateKeyPair(X25519);
        String challenge = Base64url.encode(ephemeral.toPublicJwk().get().toJsonValue().toString());
        System.out.println("WWW-Authenticate: DPoP " + challenge);

        // Client - derive HMAC key
        OkpJWK staticKeys = OkpJWK.generateKeyPair(X25519);
        ECDHDerivedKey ecdh = new ECDHDerivedKey(staticKeys.toPrivateKey(), "HmacSHA256", 256);
        ecdh.setTheirPublicKey(ephemeral.toPublicKey());
        ecdh.setOtherInfo(ECDHEncryptionHandler.generateOtherInfo(header, "HS256", 256));
        SecretKey hmacKey = ecdh.getDerivedKey();

        // Client - generate response
        String jwt = JOSE.jws(new HmacSigningHandler(hmacKey))
                .headers().alg(JwsAlgorithm.HS256).headerIfNotNull("kid", ephemeral.getKeyId()).done()
                .claims(JOSE.claims().claim("htm", "POST").claim("htu", "https://api.example.com/foo").build())
                .build();
        System.out.println("Authorization: DPoP at=" + accessToken + ", jwt=" + jwt);

        // Server - validate response
        PublicKey confirmationKey = staticKeys.toPublicKey(); // Received from token introspection
        ecdh = new ECDHDerivedKey(ephemeral.toPrivateKey(), "HmacSHA256", 256);
        ecdh.setTheirPublicKey(confirmationKey);
        ecdh.setOtherInfo(ECDHEncryptionHandler.generateOtherInfo(header, "HS256", 256));
        hmacKey = ecdh.getDerivedKey();
        SignedJwt response = JOSE.reconstruct(jwt, SignedJwt.class);
        assertThat(response.verify(new HmacSigningHandler(hmacKey))).isTrue();
	// Shared context of the request:
	String accessToken = "an_access_token";
	String origin = "https://api.example.com:443";
	JweHeader header = new JweHeader();
	header.setAgreementPartyUInfo(Base64url.encode(accessToken));
	header.setAgreementPartyVInfo(Base64url.encode(origin));

	// Server - generate challenge
	OkpJWK ephemeral = OkpJWK.generateKeyPair(X25519);
	String challenge = Base64url.encode(ephemeral.toPublicJwk().get().toJsonValue().toString());
	System.out.println("WWW-Authenticate: DPoP " + challenge);

	// Client - derive HMAC key
	OkpJWK staticKeys = OkpJWK.generateKeyPair(X25519);
	ECDHDerivedKey ecdh = new ECDHDerivedKey(staticKeys.toPrivateKey(), "HmacSHA256", 256);
	ecdh.setTheirPublicKey(ephemeral.toPublicKey());
	ecdh.setOtherInfo(ECDHEncryptionHandler.generateOtherInfo(header, "HS256", 256));
	SecretKey hmacKey = ecdh.getDerivedKey();

	// Client - generate response
	String jwt = JOSE.jws(new HmacSigningHandler(hmacKey))
	.headers().alg(JwsAlgorithm.HS256).headerIfNotNull("kid", ephemeral.getKeyId()).done()
	.claims(JOSE.claims().claim("htm", "POST").claim("htu", "https://api.example.com/foo").build())
	.build();
	System.out.println("Authorization: DPoP at=" + accessToken + ", jwt=" + jwt);

	// Server - validate response
	PublicKey confirmationKey = staticKeys.toPublicKey(); // Received from token introspection
	ecdh = new ECDHDerivedKey(ephemeral.toPrivateKey(), "HmacSHA256", 256);
	ecdh.setTheirPublicKey(confirmationKey);
	ecdh.setOtherInfo(ECDHEncryptionHandler.generateOtherInfo(header, "HS256", 256));
	hmacKey = ecdh.getDerivedKey();
	SignedJwt response = JOSE.reconstruct(jwt, SignedJwt.class);
	assertThat(response.verify(new HmacSigningHandler(hmacKey))).isTrue();