Okta Ping Identity The OAuth 2.0 Device Authorization Grant [RFC8628] is an authorization flow for devices with limited input capabilities. Demonstrating Proof of Possession (DPoP) [RFC9449] is a mechanism to sender-constrain OAuth 2.0 tokens. This document describes how to use DPoP with the Device Authorization Grant to provide a higher level of security for clients. It binds the DPoP key to the entire transaction, from the initial device authorization request through the lifetime of the issued tokens.