April 6, 2020
We’re making progress on a simple application-level proof-of-possession solution for OAuth 2.0. I’m pleased to report that DPoP has now been adopted as an OAuth working group specification. The abstract of the specification is:
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.
The specification is available at:
No Comments » Posted under IETF & OAuth & Specifications
Leave a Reply
You must be logged in to post a comment.