Skip to main content

OAuth Proof of Possession Tokens with HTTP Message Signatures

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Justin Richer
Last updated 2021-12-23 (Latest revision 2021-06-21)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This extension to the OAuth 2.0 authorization framework defines a method for using HTTP Message Signatures to bind access tokens to keys held by OAuth 2.0 clients.


Justin Richer

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)