This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens, Authorization Codes, Refresh Tokens, JWT Authorization Grants, and JWT Client Authentication. This cryptographically binds these tokens to a client’s Token Binding key pair, possession of which is proven on the TLS connections over which the tokens are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.
CITATION STYLE
Siriwardena, P. (2020). OAuth 2.0 Token Binding. In Advanced API Security (pp. 243–255). Apress. https://doi.org/10.1007/978-1-4842-2050-4_11
Mendeley helps you to discover research relevant for your work.