Proof of possession for OAuth2 tokens (DPoP) with WSO2 Identity Server #Identityin15

May 17, 2022

In today's episode, we will discuss how you can secure OAuth2 Tokens with DPoP using the WSO2 Identity Server.
DPoP (Demonstrating-Proof-of-Possession) is an additional security mechanism for token generation. It addresses a weakness of bearer tokens: nothing verifies that the party using a token to access a particular resource is the same party that requested it.

The following is the outline for today's session:

  • An overview of application layer proof-of-possession (DPoP)
  • How you should configure the WSO2 Identity Server to enable the DPoP extension
  • How to generate DPoP tokens on the client-side
  • Demo
  • Q&A session

Download WSO2 Identity Server: https://wso2.com/identity-server

Resources:
DPoP extension for the WSO2 Identity Server - https://github.com/wso2-extensions/identity-oauth-addons/tree/master/component/org.wso2.carbon.identity.dpop

Sample client for DPoP token generation - https://github.com/chamathns/dpop-client

"What the heck is DPoP?" - https://www.youtube.com/watch
Article - https://dzone.com/articles/what-dhack-is-dpop
