#dpop — Public Fediverse posts on home.social

InfoQ @[email protected] · 2026-04-30 · 11:24 UTC

#DPoP closes a real gap in #OAuth2, but there’s a catch….

Sender-constrained tokens are a meaningful upgrade over bearer tokens, but they don't fully solve the challenge of browser key storage.

Check out the #InfoQ article by Dhruv Agnihotri for a deep dive: https://bit.ly/4w62YGA

#WebDevelopment #Security #Cryptography #CyberSecurity

#dpop #oauth2 #infoq #webdevelopment #security #cryptography

Habr @[email protected] · 2026-03-26 · 15:42 UTC

[Перевод] DPoP: что это такое, как работает и почему Bearer-токенов недостаточно

Bearer-токен работает слишком просто: кто его получил, тот и авторизован. Именно поэтому утечки токенов регулярно превращаются в реальные инциденты — от CI/CD до облачных хранилищ. В новом переводе от команды Spring АйО рассмотрим, как DPoP меняет эту модель, привязывая токен к ключу клиента, зачем это нужно backend-разработчику и как поднять рабочую реализацию на Keycloak и Quarkus.

https://habr.com/ru/companies/spring_aio/articles/1015544/

#java #kotlin #dpop #ci #cd #bearer #security #безопасность #безопасность_вебприложений #безопасность_в_сети

#безопасность_в_сети #безопасность_вебприложений #безопасность #security #bearer #cd

Markus Eisele @[email protected] · 2026-03-14 · 07:15 UTC

Bearer tokens are reusable. That’s the problem.

In Quarkus 3.32 you can now implement a custom DPoPNonceProvider and stop OAuth token replay attacks properly.

I built a full end-to-end example with:
- DPoP-bound tokens
- Nonce challenge-response
- Replay protection
- Keycloak Dev Services

Full walkthrough:
https://www.the-main-thread.com/p/quarkus-3-32-dpop-nonce-provider-java-replay-protection

#Quarkus #Java #OAuth2 #DPoP #APISecurity

#quarkus #java #oauth2 #dpop #apisecurity

Wednesday Links @[email protected] · 2026-03-11 · 16:29 UTC

Wednesday Links - Edition 2026-03-11
https://dev.to/0xkkocel/wednesday-links-edition-2026-03-11-37bb
#java #jvm #http #springboot #dpop #quarkus #postgres #claude

#java #jvm #http #springboot #dpop #quarkus

Erik C. Thauvin @[email protected] · 2026-03-09 · 19:23 UTC

DPoP: What It Is, How It Works, and Why Bearer Tokens Aren’t Enough

#bearer #cryptography #dpop #java #oauth #security #token

https://foojay.io/today/dpop-what-it-is-how-it-works-and-why-bearer-tokens-arent-enough/

#bearer #cryptography #dpop #java #oauth #security

Aaron Parecki @[email protected] · 2025-09-20 · 14:18 UTC

Inspired by a question from @thisismissem.social, I wrote up a document describing how to apply DPoP (RFC9449) to the OAuth Device Flow (RFC8628).

https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/

#oauth #dpop

tim @[email protected] · 2025-04-16 · 03:23 UTC

Huge 9.0 release for node-oidc-provider!

Awesome to see #DPoP enabled by default.

https://github.com/panva/node-oidc-provider/releases/tag/v9.0.0

#OIDC #OAuth #NodeJS #AS

#dpop #oidc #oauth #nodejs #as

Luke Haigh Photography @[email protected] · 2025-03-14 · 19:32 UTC

A male chaffinch perches on a bare branch, its body angled upwards, facing the sky. #birds #naturephotography #lukehaigh #DPOP

#birds #naturephotography #lukehaigh #dpop

Luke Haigh Photography @[email protected] · 2025-03-11 · 01:29 UTC

A tufted duck swims on rippled water, its dark plumage contrasting with the light reflections on the surface. #birds #naturephotography #lukehaigh #DPOP

#birds #naturephotography #lukehaigh #dpop

Luke Haigh Photography @[email protected] · 2025-03-10 · 18:11 UTC

A black crow perches on a bare branch against a clear blue sky. Its glossy black plumage is prominent. #birds #naturephotography #lukehaigh #DPOP

#birds #naturephotography #lukehaigh #dpop

Luke Haigh Photography @[email protected] · 2025-03-08 · 00:04 UTC

A Northern Lapwing is captured mid-flight against a clear, pale blue sky, its wings spread wide in a graceful arc. #birds #naturephotography #lukehaigh #DPOP

#birds #naturephotography #lukehaigh #dpop