From e6acd99220188b1f13a97e9a6e8f315ba0a2dfc9 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Thu, 5 May 2022 09:33:21 +0200
Subject: [PATCH] feat: explicitly add dpop_jkt to par request when using dpop

---
 src/index.ts     | 1 +
 test/par.test.ts | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/index.ts b/src/index.ts
index 4180dcb3..574dc20c 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1388,6 +1388,7 @@ export async function pushedAuthorizationRequest(
 
   if (options?.DPoP !== undefined) {
     await dpopProofJwt(headers, options.DPoP, url, 'POST')
+    body.set('dpop_jkt', await calculateJwkThumbprint(options?.DPoP.publicKey))
   }
 
   return authenticatedRequest(as, client, 'POST', url, body, headers, options)
diff --git a/test/par.test.ts b/test/par.test.ts
index 4a159244..f5a1793d 100644
--- a/test/par.test.ts
+++ b/test/par.test.ts
@@ -93,7 +93,7 @@ test('pushedAuthorizationRequest() w/ DPoP', async (t) => {
         dpop: /.+/,
       },
       body(body) {
-        return new URLSearchParams(body).get('client_id') === client.client_id
+        return new URLSearchParams(body).has('dpop_jkt')
       },
     })
     .reply(200, { request_uri: 'urn:example:uri', expires_in: 60 })