{"draft":"draft-ietf-oauth-dpop-16","doc_id":"RFC9449","title":"OAuth 2.0 Demonstrating Proof of Possession (DPoP)","authors":["D. Fett","B. Campbell","J. Bradley","T. Lodderstedt","M. Jones","D. Waite"],"format":["HTML","TEXT","PDF","XML"],"page_count":"39","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Authorization Protocol","abstract":"This document describes a mechanism for sender-constraining OAuth 2.0\r\ntokens via a proof-of-possession mechanism on the application level.\r\nThis mechanism allows for the detection of replay attacks with access\r\nand refresh tokens.","pub_date":"September 2023","keywords":["security","oauth2"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9449","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc9449"}