
refactor: extract DPoPCredentialValidator from CredentialsManager #1157

Closed
sanchitmehtagit wants to merge 5 commits into develop/v3.0 from refactor/extract-dpop-credential-validator

@sanchitmehtagit sanchitmehtagit commented Apr 24, 2026

Summary

Note: this PR can go post V3 beta 1 release so keeping it in draft mode

  • Extracts validateDPoPState(for:) and saveDPoPThumbprint(for:) from CredentialsManager into a new DPoPCredentialValidator struct in Auth0/DPoP/ for better separation of concerns
  • Simplifies the logic
  • Adds missing tests for ssoCredentials

Changes

New file: Auth0/DPoP/DPoPCredentialValidator.swift

A focused Sendable struct with three responsibilities:

  • validate(for:) - pre-renewal DPoP state check (not configured → not present → thumbprint mismatch)
  • saveThumbprint(for:) - persists or clears the thumbprint after store(credentials:)
  • clearThumbprint() - removes the thumbprint entry on clear()

CredentialsManager.swift

  • Removes validateDPoPState(for:) and saveDPoPThumbprint(for:) (~46 lines)
  • Adds private let dpopValidator: DPoPCredentialValidator initialized in init
  • All three call sites now delegate to self.dpopValidator.validate(for:)

Test plan

  • swift build - no errors ✅
  • Existing CredentialsManagerDPoPSpec tests cover all validation paths (notConfigured, keyMissing, keyMismatch, passes, thumbprint save/clear)
  • No behaviour changes to passing tests - same error codes surface at the same call sites
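
The check order listed for validate(for:) and the save/clear behaviour, as an added Swift sketch that is not code from this pull request or from the Auth0 SDK. Every type and member name here is hypothetical apart from the three method roles and the error case names, and it assumes that non-DPoP credentials skip the check and that a missing stored thumbprint passes.

```swift
import Foundation

// Hypothetical types; only the check order and the three roles come from the PR text.
enum DPoPStateError: Error { case notConfigured, keyMissing, keyMismatch }

protocol ThumbprintStore: Sendable {
    func load() -> String?
    func save(_ thumbprint: String)
    func remove()
}

final class MemoryStore: ThumbprintStore, @unchecked Sendable {
    private var value: String?
    func load() -> String? { value }
    func save(_ thumbprint: String) { value = thumbprint }
    func remove() { value = nil }
}

struct SketchDPoPValidator: Sendable {
    let isDPoPConfigured: Bool
    let currentKeyThumbprint: @Sendable () -> String?  // nil when no key pair exists
    let store: any ThumbprintStore

    private func isDPoP(_ tokenType: String) -> Bool {
        tokenType.caseInsensitiveCompare("DPoP") == .orderedSame
    }

    // Pre-renewal check: not configured, then key not present, then thumbprint mismatch.
    func validate(tokenType: String) throws {
        guard isDPoP(tokenType) else { return }  // assumption: bearer credentials skip the check
        guard isDPoPConfigured else { throw DPoPStateError.notConfigured }
        guard let current = currentKeyThumbprint() else { throw DPoPStateError.keyMissing }
        // A differing stored thumbprint means the tokens were bound to another key.
        if let saved = store.load(), saved != current { throw DPoPStateError.keyMismatch }
    }

    // After storing credentials: persist for DPoP-bound tokens, clear otherwise.
    func saveThumbprint(tokenType: String) {
        if isDPoP(tokenType), let current = currentKeyThumbprint() { store.save(current) } else { store.remove() }
    }

    func clearThumbprint() { store.remove() }
}

// Constructed values: the stored thumbprint belongs to a key that has since been replaced.
let store = MemoryStore()
store.save("thumbprint-of-old-key")
let validator = SketchDPoPValidator(isDPoPConfigured: true,
                                    currentKeyThumbprint: { "thumbprint-of-new-key" },
                                    store: store)
do { try validator.validate(tokenType: "DPoP") } catch { print("renewal blocked:", error) }
```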

@sanchitmehtagit sanchitmehtagit requested a review from a team as a code owner April 24, 2026 10:00
@sanchitmehtagit sanchitmehtagit changed the base branch from master to develop/v3.0 April 24, 2026 10:01
Comment thread Auth0/DPoP/DPoPCredentialValidator.swift Outdated
@sanchitmehtagit sanchitmehtagit marked this pull request as draft April 24, 2026 10:11
@sanchitmehtagit sanchitmehtagit force-pushed the refactor/extract-dpop-credential-validator branch from f471b18 to 92a13c7 Compare April 24, 2026 10:13
@sanchitmehtagit sanchitmehtagit force-pushed the refactor/extract-dpop-credential-validator branch from 6ec094a to 2ff7565 Compare April 24, 2026 10:26

sanchitmehtagit commented May 4, 2026

Closing this; can be taken post major release on master branch.
