@techreport{ietf-oauth-dpop-08, number = {draft-ietf-oauth-dpop-08}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-08}, author = {Daniel Fett and Brian Campbell and John Bradley and Torsten Lodderstedt and Michael Jones and David Waite}, title = {{OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)}}, pagetotal = 41, year = 2022, month = may, day = 2, abstract = {This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.}, }