RFC 9449: OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)

datatracker.ietf.org/doc/html/rfc9449

DPoP, or Demonstrating Proof of Possession, is an extension that describes a technique to cryptographically bind access tokens to a particular client when they are issued. This is one of many attempts at improving the security of Bearer Tokens by requiring the application using the token to prove possession of the same private key that was used to obtain the token.

See Also:

• RFC 8705: Mutual TLS
• Draft: HTTP Signatures