UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9449

OAuth 2.0 Demonstrating Proof of Possession (DPoP)

active, Most Current
Organization: IETF
Publication Date: 1 September 2023
Status: active
Page Count: 39
scope:

This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.

Document History

RFC 9449
September 1, 2023
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks...

References

This document references:
RFC 2046 - Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types
Published by IETF on November 1, 1996
A description is not available for this item.
This document references:
IETF RFC 4122 - A Universally Unique IDentifier (UUID) URN Namespace
Published by IETF on July 1, 2005
This specification defines a Uniform Resource Name namespace for UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier). A UUID is 128 bits long, and can guarantee...
This document references:
IETF RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)
Published by IETF on March 1, 2011
Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer...
This document is referenced by:
RFC 9470 - OAuth 2.0 Step Up Authentication Challenge Protocol
Published by IETF on September 1, 2023
It is not uncommon for resource servers to require different authentication strengths or recentness according to the characteristics of a request. This document introduces a mechanism that resource...
View Less
View All
Advertisement