Stop Stealing My Tokens!

Håkon Knudsen

Lightning talk

You’ve probably heard of OAuth. Maybe you’re even using it. Then you’re most likely also using Bearer Tokens. Which are great and all. Well, until someone steals them!

This talk gives a short and fun introduction to DPoP, or Demonstrating Proof of Possession, an extension to OAuth that cryptographically binds access tokens to a particular client when they are issued, hence making stolen tokens harder to misuse.