frelibert at yahoo.com
Wed Jan 24 08:38:30 EST 2018
Are there any plans to support pop accesTokens where some kind of proof-of-possession is introduced to have a higher degree of security?As far as I know, there isn't yet a final standard (RFC) for this, only expired drafts, such as:- https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-08- https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03
Would you consider implementing any of this or would you wait until a RFC is finally accepted as standard?
More information about the keycloak-dev