Hi,
Are there any plans to support pop accesTokens where some kind of proof-of-possession is
introduced to have a higher degree of security?As far as I know, there isn't yet a
final standard (RFC) for this, only expired drafts, such
as:- https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-08- ht...
- https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03
Would you consider implementing any of this or would you wait until a RFC is finally
accepted as standard?
Kind regards,
Frederik