Draft: OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)


DPoP, or Demonstration of Proof of Possession, is an extension that describes a technique to cryptographically bind access tokens to a particular client when they are issued. This is one of many attempts at improving the security of Bearer Tokens by requiring the application using the token to authenticate itself.

This draft is still in progress, and is open to feedback from people who are interested in using it!