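% Reference for the Internet-Draft that applies DPoP (RFC 9449) to the
% OAuth 2.0 Device Authorization Grant (RFC 8628).
%
% Status: revision -00 of an Internet-Draft marked "Work in Progress", not an RFC.
% The draft-parecki- name suggests an individual submission rather than a
% working-group document (confirm on the datatracker page in the url field).
% Cite the exact revision, and re-check for a newer revision or a published RFC
% before relying on protocol details.
%
% Security relevance, per the abstract: the DPoP key is bound to the whole
% transaction, from the initial device authorization request through the
% lifetime of the issued tokens, so the tokens are sender-constrained.
%
% Formatting notes: authors use the unambiguous "Last, First" form. Only the
% case-sensitive terms in the title are braced, so a style can still apply its
% own casing rules without lowercasing DPoP, OAuth or the grant name.
@techreport{parecki-oauth-dpop-device-flow-00,
  author      = {Parecki, Aaron and Campbell, Brian},
  title       = {{DPoP} for the {OAuth} 2.0 {Device Authorization Grant}},
  type        = {Internet-Draft},
  number      = {draft-parecki-oauth-dpop-device-flow-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2025,
  month       = sep,
  day         = 20,
  pagetotal   = 7,
  url         = {https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/00/},
  note        = {Work in Progress},
  abstract    = {The OAuth 2.0 Device Authorization Grant {[}RFC8628{]} is an
                 authorization flow for devices with limited input capabilities.
                 Demonstrating Proof of Possession (DPoP) {[}RFC9449{]} is a
                 mechanism to sender-constrain OAuth 2.0 tokens. This document
                 describes how to use DPoP with the Device Authorization Grant to
                 provide a higher level of security for clients. It binds the DPoP
                 key to the entire transaction, from the initial device
                 authorization request through the lifetime of the issued tokens.},
}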