azure-activedirectory-identitymodel-extensions-for-dotnet
[Feature Request] Add support for DPoP
Is your feature request related to a problem? Please describe.
Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP) because having one token binding standard just isn't enough.

Describe the solution you'd like
Any solution should be closely done in collaboration with the HttpClient and ASP.NET folks.
I could imagine an extension method on HttpRequest like request.SignWithDPop(jwk, nonce). Where close integration needs to happen is in server-side nonce cycling, as the response can contain an updated nonce which would need to be plumbed through.
Hey - seems you read the spec ;)
Oh - and btw - we implemented all of that already of course
client side piece here: https://github.com/DuendeSoftware/Duende.AccessTokenManagement
and JwtBearer extensions here: https://docs.duendesoftware.com/identityserver/v7/apis/aspnetcore/confirmation/#validating-dpop-proof-of-possession
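
The nonce cycling described in the feature request, as an added example that is not code from IdentityModel, Duende or either poster: a `DelegatingHandler` signs each request with an RFC 9449 DPoP proof and replays it once when a rejected response supplies a `DPoP-Nonce`. `DPoPHandler`, `StubApi`, the URL and the nonce value are constructed for illustration, and a .NET 6+ console project with implicit usings is assumed.

```csharp
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var http = new HttpClient(new DPoPHandler(key) { InnerHandler = new StubApi() });
var resp = await http.GetAsync("https://api.example/resource?page=2");
Console.WriteLine($"{(int)resp.StatusCode} after one nonce retry");

sealed class DPoPHandler : DelegatingHandler   // hypothetical name, not an IdentityModel or Duende type
{
    readonly ECDsa _key;
    string? _nonce;                            // latest DPoP-Nonce the server issued
    public DPoPHandler(ECDsa key) => _key = key;
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        for (var attempt = 0; ; attempt++)     // resending is safe only for requests without a one-shot body
        {
            req.Headers.Remove("DPoP");
            req.Headers.Add("DPoP", Proof(req));
            var resp = await base.SendAsync(req, ct);
            if (resp.Headers.TryGetValues("DPoP-Nonce", out var v)) _nonce = v.First();
            if (attempt > 0 || v is null || (int)resp.StatusCode is not (400 or 401)) return resp;
            resp.Dispose();                    // rejected and a nonce was supplied: sign again, once
        }
    }
    string Proof(HttpRequestMessage req)
    {
        var q = _key.ExportParameters(false).Q;
        var header = new Dictionary<string, object> { ["typ"] = "dpop+jwt", ["alg"] = "ES256", ["jwk"] =
            new Dictionary<string, string> { ["kty"] = "EC", ["crv"] = "P-256", ["x"] = B64(q.X!), ["y"] = B64(q.Y!) } };
        var claims = new Dictionary<string, object> { ["jti"] = Guid.NewGuid().ToString("N"), ["htm"] = req.Method.Method,
            ["htu"] = req.RequestUri!.GetLeftPart(UriPartial.Path), ["iat"] = DateTimeOffset.UtcNow.ToUnixTimeSeconds() };
        if (_nonce is not null) claims["nonce"] = _nonce;
        var input = B64(JsonSerializer.SerializeToUtf8Bytes(header)) + "." + B64(JsonSerializer.SerializeToUtf8Bytes(claims));
        return input + "." + B64(_key.SignData(Encoding.ASCII.GetBytes(input), HashAlgorithmName.SHA256));
    }
    static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
}

sealed class StubApi : HttpMessageHandler      // constructed server: 401 until the proof carries nonce "n-42"
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var part = req.Headers.GetValues("DPoP").First().Split('.')[1].Replace('-', '+').Replace('_', '/');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(part.PadRight((part.Length + 3) / 4 * 4, '=')));
        return Task.FromResult(new HttpResponseMessage(json.Contains("\"nonce\":\"n-42\"") ? System.Net.HttpStatusCode.OK
            : System.Net.HttpStatusCode.Unauthorized) { Headers = { { "DPoP-Nonce", "n-42" } } });
    }
}
```

When the proof accompanies an access token, RFC 9449 also requires an `ath` claim (the base64url SHA-256 hash of the token), which this example omits.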