Title
OAuth 2.0 DPoP Profile
Description
DPoP, an abbreviation for Demonstrating Proof-of-Possession at the Application Layer, is an application-level mechanism for sender-constraining OAuth access and refresh tokens. It enables a client to demonstrate proof-of-possession of a public/private key pair by including a "DPoP" header in an HTTP request. The OAuth 2.0 Proof of Possession Profile is based on the Internet-Draft (ID) "OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer" [1].

Reference document

Org
FMN
Pubnum
Date
2022-12-02
Version
Title
Proposed FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: NONE, Lifecycle: CANDIDATE

Service profile OAuth 2.0 DPoP Profile does not refer to any standard.

Guidance

Proof-of-Possession IS supported between the Client and the Authorization Server, and between the Client and the Resource Server.

Status

URI

History

Flag Date RFC Version
added 2023-01-23 14-32 15
UUID
44592cde-e7b2-48f1-9b06-5def700335fe

Utilization

This profile is used by the following profiles: