|
|
|
|
|
|
by niyikiza
56 days ago
|
|
|
Speaking of fantansies...another approach would be holder binding: DPoP (RFC 9449) has been stable for a couple of years, AWS SigV4 does it too. The key holder proves control at call time, so a captured token without the key is useless. |
|
|