ramosbugs / openidconnect-rs

OpenID Connect Library for Rust
MIT License

support dPoP protocol #54

Open damooo opened 2 years ago

damooo commented 2 years ago

Hello, thanks for your work

It would be great if the library could support the dPoP protocol (OAuth 2.0 Demonstrating Proof-of-Possession).

dPoP is now a fairly de facto standard to bind an access token to a particular client and ensure stolen access tokens don't cause any damage.

And the Solid protocol, which enables decentralised identity and collaboration over personal resources, mandates the use of dPoP, for example.

ramosbugs commented 2 years ago

this seems like a reasonable enhancement to this crate, although the standard looks like it's still in a draft state: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04. are there any major OpenID Connect providers using this yet?

damooo commented 2 years ago

Yes, though in draft stage, it is fairly used in production. Auth0 supports it. And SOLID-OIDC mandates it, as it supports decentralised identity.

damooo commented 2 years ago

@ramosbugs, /\ you can see dPoP being listed in OAuth Working Group Specifications too.

Gearme commented 1 year ago

I put together an MVP draft for a bare minimum of DPoP functionality, feedback welcome.