RFC 9449

OAuth 2.0 Demonstrating Proof of Possession (DPoP), September 2023

Status: PROPOSED STANDARD
Authors: D. Fett, B. Campbell, J. Bradley, T. Lodderstedt, M. Jones, D. Waite
Stream: IETF
Source: oauth (sec)

DOI:  https://doi.org/10.17487/RFC9449

Discuss this RFC: Send questions or comments to the mailing list oauth@ietf.org


Abstract

This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



