DPoP has been available in Keycloak since version 23.0.0, but only as a preview feature. With the release of Keycloak 26.4, we’re happy to share that OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) is now officially supported. What is DPoP? 🔑 DPoP is a Proof-of-Possession mechanism that improves OAuth token security by binding a token (access or refresh) to a public/private key pair controlled by the client. By requiring a signed DPoP proof with each request, DPoP ensures that a stole...
