Add ath and nonce as addtional parameters for genDpopToken function

Author: anushkavidanage

example/lib/screens/PrivateProfile.dart

@@ -34,12 +34,15 @@
 library;
 
 // Flutter imports:
+import 'dart:convert';
+
 import 'package:flutter/material.dart';
 
 import 'package:solid_auth/solid_auth.dart';
+import 'package:crypto/crypto.dart';
 
-import 'package:solid_auth_example/components/Header.dart';
 // Project imports:
+import 'package:solid_auth_example/components/Header.dart';
 import 'package:solid_auth_example/models/Constants.dart';
 import 'package:solid_auth_example/models/GetRdfData.dart';
 import 'package:solid_auth_example/models/SolidApi.dart' as rest_api;
@@ -184,10 +187,33 @@ class _PrivateProfileState extends State<PrivateProfile> {
     String accessToken = authData['accessToken'];
     //Map<String, dynamic> decodedToken = JwtDecoder.decode(accessToken);
 
+    // Optional: If needed one can provide encoded access token to be included
+    // in the dPoP proof. Currently this is not required for any of our
+    // community solid server configurations.
+
+    // Convert access token to ASCII bytes
+    // List<int> accesTokenBytes = utf8.encode(accessToken);
+    List<int> accesTokenBytes = accessToken.codeUnits;
+
+    // Hash using SHA-256
+    Digest hash = sha256.convert(accesTokenBytes);
+
+    // Convert hash to bytes for encoding
+    List<int> hashBytes = hash.bytes;
+
+    // Base64URL encoding
+    String base64UrlHash = base64Url.encode(hashBytes);
+
     // Get profile
     String profCardUrl = webId.replaceAll('#me', '');
-    String dPopToken =
-        genDpopToken(profCardUrl, rsaKeyPair, publicKeyJwk, 'GET');
+    String dPopToken = genDpopToken(
+      profCardUrl,
+      rsaKeyPair,
+      publicKeyJwk,
+      'GET',
+      // Optional parameter ath to provide encoded access token
+      // ath: base64UrlHash,
+    );
 
     return Scaffold(
       key: _scaffoldKey,

example/pubspec.yaml

@@ -9,6 +9,7 @@ environment:
 dependencies:
   flutter:
     sdk: flutter
+  crypto: ^3.0.6
   http: any
   jwt_decoder: ^2.0.1
   # solid_auth: ^0.1.6

lib/solid_auth_client.dart

@@ -121,8 +121,10 @@ String genDpopToken(
   String endPointUrl,
   KeyPair rsaKeyPair,
   dynamic publicKeyJwk,
-  String httpMethod,
-) {
+  String httpMethod, {
+  String? ath,
+  String? nonce,
+}) {
   /// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03
   /// Unique identifier for DPoP proof JWT
   /// Here we are using a version 4 UUID according to https://datatracker.ietf.org/doc/html/rfc4122
@@ -141,6 +143,14 @@ String genDpopToken(
     'iat': (DateTime.now().millisecondsSinceEpoch / 1000).round(),
   };
 
+  if (ath != null) {
+    tokenBody['ath'] = ath;
+  }
+
+  if (nonce != null) {
+    tokenBody['nonce'] = nonce;
+  }
+
   /// Create a json web token
   final jwt = JWT(
     tokenBody,
@@ -226,8 +236,12 @@ Future<Map> authenticate(
   var publicKeyJwk = rsaResults['pubKeyJwk'];
 
   ///Generate DPoP token using the RSA private key
-  String dPopToken =
-      genDpopToken(tokenEndpoint, rsaKeyPair, publicKeyJwk, 'POST');
+  String dPopToken = genDpopToken(
+    tokenEndpoint,
+    rsaKeyPair,
+    publicKeyJwk,
+    'POST',
+  );
 
   final String clientId = regResJson['client_id'];
   final String clientSecret = regResJson['client_secret'];