OAuth 2.0 Token Binding
draft-ietf-oauth-token-binding-08
| Document | Type | Expired Internet-Draft (oauth WG) | |
|---|---|---|---|
| Authors | Michael Jones , Brian Campbell , John Bradley , William Denniss | ||
| Last updated | 2019-04-22 (latest revision 2018-10-19) | ||
| Replaces | draft-campbell-oauth-tbpkce, draft-jones-oauth-token-binding | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-oauth-token-binding-08.txt
Abstract
This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens, Authorization Codes, Refresh Tokens, JWT Authorization Grants, and JWT Client Authentication. This cryptographically binds these tokens to a client's Token Binding key pair, possession of which is proven on the TLS connections over which the tokens are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.
Authors
Michael Jones
(mbj@microsoft.com)
Brian Campbell
(brian.d.campbell@gmail.com)
John Bradley
(ve7jtb@ve7jtb.com)
William Denniss
(wdenniss@google.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)