OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
draft-ietf-oauth-dpop-01
| Document | Type | Expired Internet-Draft (oauth WG) |
|---|---|---|
| | Authors | Daniel Fett, Brian Campbell, John Bradley, Torsten Lodderstedt, Michael Jones, David Waite |
| | Last updated | 2020-11-02 (Latest revision 2020-05-01) |
| | Replaces | draft-fett-oauth-dpop |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | Expired & archived: plain text, html, xml, htmlized, pdfized, bibtex |
| Stream | WG state | WG Document |
| | Associated WG milestone | |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-01.txt
Abstract
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.
Authors
Daniel Fett
Brian Campbell
John Bradley
Torsten Lodderstedt
Michael Jones
David Waite