DPoP and the Burden of Proof: Negating the Threat of Stolen OAuth Tokens


Posted on in Presentations

A personal account of the rich and sometimes troubled history of proof-of-possession tokens in OAuth with a focus on DPoP—our last best hope for strong cryptographic defenses against the use of stolen tokens. These tokens, mostly bearer tokens today, are an increasingly attractive target for adversaries as user credentials themselves become harder to compromise with MFA/FIDO/etc.

Participants
Brian Campbell

Speaker

Distinguished Engineer, Ping Identity

