[keycloak-dev] proof-of-possession

Frederik Libert frelibert at yahoo.com
Wed Jan 24 08:38:30 EST 2018

Are there any plans to support pop accesTokens where some kind of proof-of-possession is introduced to have a higher degree of security?As far as I know, there isn't yet a final standard (RFC) for this, only expired drafts, such as:- https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-08- https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03
Would you consider implementing any of this or would you wait until a RFC is finally accepted as standard?
Kind regards,

More information about the keycloak-dev mailing list