@misc{rfc9449, series = {Request for Comments}, number = 9449, howpublished = {RFC 9449}, publisher = {RFC Editor}, doi = {10.17487/RFC9449}, url = {https://www.rfc-editor.org/info/rfc9449}, author = {Daniel Fett and Brian Campbell and John Bradley and Torsten Lodderstedt and Michael B. Jones and David Waite}, title = {{OAuth 2.0 Demonstrating Proof of Possession (DPoP)}}, pagetotal = 39, year = 2023, month = sep, abstract = {This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.}, }