{
  "draft": "draft-ietf-oauth-dpop-16",
  "doc_id": "RFC9449",
  "title": "OAuth 2.0 Demonstrating Proof of Possession (DPoP)",
  "authors": [
    "D. Fett",
    "B. Campbell",
    "J. Bradley",
    "T. Lodderstedt",
    "M. Jones",
    "D. Waite"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "39",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Web Authorization Protocol",
  "abstract": "This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level.  This mechanism allows for the detection of replay attacks with access and refresh tokens.",
  "pub_date": "September 2023",
  "keywords": [
    "security",
    "oauth2"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9449",
  "errata_url": "https://www.rfc-editor.org/errata/rfc9449"
}