There has been a lot of noise about the downsides of OAuth 2 bearer tokens - namely that they are susceptible to replay attacks and if stolen would provide an attacker with unfettered access.
Token Binding is a potential solution. [This](https://www.pingidentity.com/en/blog/2015/01/20/new_standards_emerging_for_hok_tokens.html) is a good overview of the issue and possible mitigations and this is a more technical overview.
The Financial API Working Group is also discussing recommending Token Binding for Write API access to bank accounts.
While token binding has many advantages:
It is not yet available in all browsers or even all TLS libraries, e.g. OpenSSL Feature Request
This issue is for discussion of token binding and to track its implementation status.