Hi, The DPoP spec currently defines how to obtain a DPoP-bound token via token endpoint invocations (namely, authorization_code and refresh_token grants). But it is also possible to obtain access token prior to code-to-token exchange, via OAuth implicit/hybrid flows.
Do we have any plans to support DPoP in authorization endpoint (in addition to token endpoint) and implicit/hybrid flows? Is yes, what it might look like? a "dpop" request parameter or a "DPoP" header? Regards, Dmitry
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
