OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
draft-fett-oauth-dpop-04
| Document | Type | Replaced Internet-Draft (individual) |
|---|---|---|
| | Authors | Daniel Fett, Brian Campbell, John Bradley, Torsten Lodderstedt, Michael Jones, David Waite |
| | Last updated | 2020-03-04 |
| | Replaced by | draft-ietf-oauth-dpop |
| | Stream | (None) |
| | Intended RFC status | (None) |
| | Formats | Expired & archived |
| Stream | Stream state | (No stream defined) |
| | Consensus Boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Replaced by draft-ietf-oauth-dpop |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-fett-oauth-dpop-04.txt
Abstract
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.
Authors
Daniel Fett (mail@danielfett.de)
Brian Campbell (bcampbell@pingidentity.com)
John Bradley (ve7jtb@ve7jtb.com)
Torsten Lodderstedt (torsten@lodderstedt.net)
Michael Jones (mbj@microsoft.com)
David Waite (david@alkaline-solutions.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)