refactor: update DPoP keypair generation and signing algorithm to use ES256 for improved compatibility and security

Author: rohanharikr

src/App.svelte

@@ -222,12 +222,7 @@
 			if (isDpopEnabled) {
 				const { publicKey, privateKey } = JSON.parse(localStorage.getItem('dpop_keypair'));
 				// Import the private JWK to a CryptoKey for signing
-				// Add the algorithm parameter if it's missing (required by JOSE)
-				const privateKeyWithAlg = { ...privateKey };
-				if (!privateKeyWithAlg.alg) {
-					privateKeyWithAlg.alg = 'EdDSA';
-				}
-				const signingKey = await jose.importJWK(privateKeyWithAlg, 'EdDSA');
+				const signingKey = await jose.importJWK(privateKey, 'ES256');
 				// Create a minimal DPoP proof JWT (RFC 9449)
 				// Generate SHA256 hash of the code for c_hash
 				// Convert to BASE64URL as per spec section 1.8
@@ -245,15 +240,15 @@
 					htm: 'POST'
 				};
 				// Restrict public JWK in header to RFC 7638 members only
-				// For EdDSA (Ed25519), we need kty, crv, and x parameters
 				const publicJwkMinimal = {
 					kty: publicKey.kty,
 					crv: publicKey.crv,
-					x: publicKey.x
+					x: publicKey.x,
+					y: publicKey.y
 				};
 				const dpopToken = await new jose.SignJWT(dpopPayload)
 					.setProtectedHeader({
-						alg: 'EdDSA',
+						alg: 'ES256',
 						typ: 'dpop+jwt',
 						jwk: publicJwkMinimal
 					})

src/lib/dpop.js

@@ -1,5 +1,4 @@
-// Get existing EdDSA (Ed25519) keypair from storage or create a new one if missing
-// EdDSA provides better performance and security compared to ES256
+// Get existing ES256 keypair from storage or create a new one if missing
 async function generateDpopJkt() {
 	let stored = null;
 	try {
@@ -12,15 +11,12 @@ async function generateDpopJkt() {
 	if (stored?.publicKey && stored?.privateKey) {
 		publicJwk = stored.publicKey;
 	} else {
-		const keyPair = await crypto.subtle.generateKey({ name: 'Ed25519' }, true, [
+		const keyPair = await crypto.subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, [
 			'sign',
 			'verify'
 		]);
 		const newPublicJwk = await crypto.subtle.exportKey('jwk', keyPair.publicKey);
 		const newPrivateJwk = await crypto.subtle.exportKey('jwk', keyPair.privateKey);
-		// Add algorithm parameter to JWKs for JOSE compatibility
-		newPublicJwk.alg = 'EdDSA';
-		newPrivateJwk.alg = 'EdDSA';
 		localStorage.setItem(
 			'dpop_keypair',
 			JSON.stringify({
@@ -38,15 +34,12 @@ async function generateDpopJkt() {
 
 // Explicitly rotate the DPoP keypair and return the new jkt
 async function regenerateDpopJkt() {
-	const keyPair = await crypto.subtle.generateKey({ name: 'Ed25519' }, true, [
+	const keyPair = await crypto.subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, [
 		'sign',
 		'verify'
 	]);
 	const publicJwk = await crypto.subtle.exportKey('jwk', keyPair.publicKey);
 	const privateJwk = await crypto.subtle.exportKey('jwk', keyPair.privateKey);
-	// Add algorithm parameter to JWKs for JOSE compatibility
-	publicJwk.alg = 'EdDSA';
-	privateJwk.alg = 'EdDSA';
 	localStorage.setItem(
 		'dpop_keypair',
 		JSON.stringify({