{
  "context": "This criteria evaluates how well the engineer uses the @azure/core-auth package to implement Proof-of-Possession (PoP) token authentication. The focus is on correct usage of PoP-specific features including token request options, token type validation, and proper handling of authentication tokens.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "PoP Options Structure",
      "description": "Uses the proofOfPossessionOptions field in GetTokenOptions with the correct structure containing nonce, resourceRequestMethod, and resourceRequestUrl properties",
      "max_score": 30
    },
    {
      "name": "Token Credential Interface",
      "description": "Correctly calls the getToken() method on the credential with appropriate scope parameter and options object",
      "max_score": 20
    },
    {
      "name": "PoP Token Validation",
      "description": "Uses the isPopToken() utility function to verify that the returned token is a PoP token (not a Bearer token)",
      "max_score": 25
    },
    {
      "name": "Null Token Handling",
      "description": "Properly checks if getToken() returns null and handles the failure case by throwing an error",
      "max_score": 15
    },
    {
      "name": "Token Type Error",
      "description": "Throws an appropriate error when the token is not a PoP token (e.g., when isPopToken() returns false)",
      "max_score": 10
    }
  ]
}