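% RFC 8705: OAuth 2.0 client authentication over mutual TLS, and access tokens
% bound to the client's X.509 certificate (see the abstract field below).
% Only the case-sensitive words of the title are braced, so a bibliography
% style can still apply its own casing to the rest.
@misc{rfc8705,
  author       = {Campbell, Brian and Bradley, John and Sakimura, Nat and Lodderstedt, Torsten},
  title        = {{OAuth} 2.0 {Mutual-TLS} Client Authentication and Certificate-Bound Access Tokens},
  howpublished = {RFC 8705},
  series       = {Request for Comments},
  number       = 8705,
  publisher    = {RFC Editor},
  year         = 2020,
  month        = feb,
  pagetotal    = 24,
  doi          = {10.17487/RFC8705},
  url          = {https://www.rfc-editor.org/info/rfc8705},
  abstract     = {This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.},
}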