Description
Is there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe the problem.
No response
Describe the solution you'd like
Demonstrating Proof of Possession (DPoP) RFC 9449 is a new addition to the OAuth 2.0 framework. It makes it possible for clients to prove that the access token being used actually belongs to the client and not to an attacker. Several identity providers have already implemented DPoP support:
Duende: https://blog.duendesoftware.com/posts/20230504_dpop/
Curity: https://curity.io/resources/learn/dpop-overview/
Okta: https://www.okta.com/blog/2023/06/a-leap-forward-in-token-security-okta-adds-support-for-dpop/
The current option in .NET is to either use Duende libraries, or write your own DPoP-implementation on top of the existing authentication stack in aspnetcore. It would be great if this was a capability that would come together with aspnetcore as DPoP is being more adopted by OAuth applications.
Additional context
No response