OAuth and the Long Way to Proof of Possession

Explore the evolution of OAuth 2.0 and the journey towards implementing Proof of Possession in this 58-minute conference talk from NDC Security 2023. Delve into the controversial decision to omit cryptographic binding of access tokens to their owners in the initial OAuth 2.0 specification. Discover why the seemingly simple addition of proof of possession proved to be a complex challenge that took nearly a decade to solve. Learn about the current industry demands for enhanced security features and examine the two fundamental approaches to achieve sender constraining. Gain insights into the history of proof of possession and explore practical implementation methods available today.