What the heck is DPoP? | IAM Community Meetups - 2022
Application-level proof-of-possession protection for access and refresh tokens.
DPoP (Demonstrating Proof-of-Possession) is an additional security mechanism for token generation that addresses a weakness of bearer tokens: nothing validates that the party using a token to access a particular resource is the party that requested it. DPoP closes this gap by validating that the client who requested the token is the one actually using it, by means of signed JWTs known as DPoP proofs.
In this meetup we will cover the following areas:
- Attacker model - Problem
- Anatomy of DPoP
- How resources are protected by DPoP
- DPoP in action
Read here to learn about #WSO2IdentityServer's new feature, DPoP, which is designed as a security mechanism for public clients that are unable to use MTLS.
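The check described above, where a resource server confirms that the key behind the DPoP proof is the key the access token was issued to, is sketched below as an added example; it is not code from the meetup or from WSO2 Identity Server. It assumes the proof's signature has already been verified against the embedded `jwk` by a JOSE library and that `jti` replay tracking happens elsewhere. The key, token, URL and function names are constructed for illustration.

```python
import base64, hashlib, json, time

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_json(part: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: hash only the required members, sorted by name, no whitespace.
    members = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64u(hashlib.sha256(canonical.encode()).digest())

def binding_errors(proof, access_token, token_claims, method, url, now=None, max_age=300):
    """Return the names of failed checks; an empty list means the proof fits this request and token."""
    header, claims = (b64u_json(p) for p in proof.split(".")[:2])
    now = time.time() if now is None else now
    errors = []
    if header.get("typ") != "dpop+jwt":
        errors.append("typ")
    if claims.get("htm") != method:                              # proof is tied to one HTTP method
        errors.append("htm")
    if claims.get("htu") != url.split("#")[0].split("?")[0]:     # and one URI, minus query/fragment
        errors.append("htu")
    if abs(now - claims.get("iat", 0)) > max_age:                # and a short time window
        errors.append("iat")
    if claims.get("ath") != b64u(hashlib.sha256(access_token.encode()).digest()):
        errors.append("ath")                                     # and this exact access token
    # The token names the key it was issued to (cnf.jkt); the proof must come from that key.
    jwk = header.get("jwk")
    if not jwk or token_claims.get("cnf", {}).get("jkt") != jwk_thumbprint(jwk):
        errors.append("jkt")
    return errors

# Constructed sample data (not a real key, token or signature).
CLIENT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
ACCESS_TOKEN = "constructed.access.token"
TOKEN_CLAIMS = {"sub": "alice", "cnf": {"jkt": jwk_thumbprint(CLIENT_JWK)}}

def make_proof(jwk, method, url, iat):
    enc = lambda obj: b64u(json.dumps(obj).encode())
    ath = b64u(hashlib.sha256(ACCESS_TOKEN.encode()).digest())
    return ".".join([enc({"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk}),
                     enc({"jti": "constructed-1", "htm": method, "htu": url, "iat": iat, "ath": ath}),
                     "signature-placeholder"])

if __name__ == "__main__":
    url = "https://rs.example.com/orders"
    print(binding_errors(make_proof(CLIENT_JWK, "GET", url, time.time()), ACCESS_TOKEN, TOKEN_CLAIMS, "GET", url))
    other_key = dict(CLIENT_JWK, x="other-key")  # same token, proof from a different key
    print(binding_errors(make_proof(other_key, "GET", url, time.time()), ACCESS_TOKEN, TOKEN_CLAIMS, "GET", url))
```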