Search RFCs
RFC 9449
OAuth 2.0 Demonstrating Proof of Possession (DPoP),September 2023
- File formats:
- Also available:XML file for editing
- Status:
- PROPOSED STANDARD
- Authors:
- D. Fett
B. Campbell
J. Bradley
T. Lodderstedt
M. Jones
D. Waite - Stream:
- IETF
- Source:
- oauth (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9449
Discuss this RFC: Send questions or comments to the mailing listoauth@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9449
Abstract
This document describes a mechanism for sender-constraining OAuth 2.0tokens via a proof-of-possession mechanism on the application level.This mechanism allows for the detection of replay attacks with accessand refresh tokens.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.