{"id":2069,"date":"2020-04-06T18:38:52","date_gmt":"2020-04-07T01:38:52","guid":{"rendered":"https:\/\/self-issued.info\/?p=2069"},"modified":"2020-05-04T16:41:14","modified_gmt":"2020-05-04T23:41:14","slug":"working-group-adoption-of-oauth-2-0-demonstration-of-proof-of-possession-at-the-application-layer-dpop","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=2069","title":{"rendered":"Working group adoption of &#8220;OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)&#8221;"},"content":{"rendered":"<p><span class=\"plain\"><img decoding=\"async\" align=\"right\" alt=\"OAuth logo\" src=\"https:\/\/self-issued.info\/images\/oauth_logo_120x120.png\"><\/span>We&#8217;re making progress on a simple application-level proof-of-possession solution for OAuth 2.0.  I&#8217;m pleased to report that DPoP has now been adopted as an OAuth working group specification.  The abstract of the specification is:<\/p>\n<blockquote><p>\nThis document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.<\/p><\/blockquote>\n<p>The specification is available at:<\/p>\n<ul>\n<li><a href=\"https:\/\/tools.ietf.org\/id\/draft-ietf-oauth-dpop-00.html\">https:\/\/tools.ietf.org\/id\/draft-ietf-oauth-dpop-00.html<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;re making progress on a simple application-level proof-of-possession solution for OAuth 2.0. I&#8217;m pleased to report that DPoP has now been adopted as an OAuth working group specification. The abstract of the specification is: This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,26,25],"tags":[],"class_list":["post-2069","post","type-post","status-publish","format-standard","hentry","category-ietf","category-oauth","category-specifications"],"_links":{"self":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2069"}],"version-history":[{"count":3,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2069\/revisions"}],"predecessor-version":[{"id":2072,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2069\/revisions\/2072"}],"wp:attachment":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}