Closed andrea-dintino closed 10 months ago
It already allows you to specify a string dictionary for headers of all supported http methods:
Given I connect to 'host' and send object 'dataToPost' and send headers 'stringDict" and do post
If this isn't something you're seeking for, please let me know.
DPOP (https://datatracker.ietf.org/doc/html/rfc9449) requires proof-of-possession to transit inside HTTP requests. DPOP requires an ecdsa signature on P-256 performed on a token and packaged (somehow) in the headers. The signature will occur in TEE (also to be managed via Slangroom?) ideally (!) in the same script as the GET/POST creation.
Examples:
Taken from: https://developer.okta.com/docs/guides/dpop/main/#build-the-request
Reference implementation: https://github.com/italia/eudi-wallet-it-python/tree/dev/pyeudiw/oauth2/dpop