OAuth is a token-based authentication and authorization framework that can allow third-party access to what you own without sharing your identity. It was a pleasure for us to attend the Vancouver Digital Identity Meetup on August 6, 2019, and we enjoyed Sascha Preibisch’s presentation about OAuth 2.0 – Demonstration of Proof-of-Possession (DPOP).
Sascha addressed some disadvantages of existing protocols (HMAC, Mutual TLS Client Authentication, Token binding) such as:
- Complicated to implement
- Complexity
- Not supporting
DPOP is not a new idea; according to Sascha, the main goal is to “Ensure the token being presented is owned by the presenter”. Some of DPOP’s advantages and benefits are:
- Lightweight
- Update on application only
- Reuse existing libraries and tools
- Leverages current standards: JWT, JWS, JWK
- Non-invasive addition to OAuth
- Enriches OAuth security model
- Supports public and confidential clients
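How that goal can be met with JWT, JWS and JWK, as an added example that is not from the talk or from the DPoP authors: the client signs a per-request proof JWT with its private key, and the server accepts it only if the embedded public JWK matches the thumbprint the access token is bound to. The claim names (`htm`, `htu`, `jti`, `iat`) and the thumbprint binding follow RFC 9449 and are assumptions here, as are the function names; only Node's built-in `crypto` module is used.

```javascript
// Added illustration, not code from the talk. The ath and nonce checks of RFC 9449 are omitted.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// RFC 7638 thumbprint of an EC public JWK: SHA-256 over the required members in lexicographic order.
function jwkThumbprint({ crv, kty, x, y }) {
  return crypto.createHash('sha256').update(JSON.stringify({ crv, kty, x, y })).digest('base64url');
}

// Client side: sign a proof JWT that names the HTTP method and URL of this one request.
function createProof(privateKey, publicJwk, htm, htu, now) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: publicJwk };
  const payload = { jti: crypto.randomUUID(), htm, htu, iat: now };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Server side: returns null when the proof is acceptable, otherwise the reason for rejection.
// boundJkt is the key thumbprint the access token was bound to when it was issued.
function verifyProof(proof, boundJkt, htm, htu, now, seenJti, maxAgeSec = 60) {
  const parts = proof.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return 'malformed'; }
  if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256' || !header.jwk) return 'bad header';
  if (header.jwk.kty !== 'EC' || header.jwk.d) return 'bad jwk'; // public EC key only
  let ok = false;
  try {
    const key = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
    ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
      { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  } catch { return 'bad jwk'; }
  if (!ok) return 'bad signature';
  // A valid signature only proves possession of *some* key; it must be the token's key.
  if (jwkThumbprint(header.jwk) !== boundJkt) return 'key not bound to token';
  if (payload.htm !== htm || payload.htu !== htu) return 'wrong request';
  if (typeof payload.iat !== 'number' || Math.abs(now - payload.iat) > maxAgeSec) return 'stale';
  if (seenJti.has(payload.jti)) return 'replay';
  seenJti.add(payload.jti);
  return null;
}
```

A bearer token copied by a third party fails the thumbprint check here, because that party cannot produce a proof signed by the bound key.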
For more information please visit DPOP.