BlemeAPI Security 2026 : Comment éviter de finir sur Have I Been Pwned ?
PeerTube
InfoQ#DPoP closes a real gap in #OAuth2, but there’s a catch….
Sender-constrained tokens are a meaningful upgrade over bearer tokens, but they don't fully solve the challenge of browser key storage.
Check out the #InfoQ article by Dhruv Agnihotri for a deep dive: https://bit.ly/4w62YGA
Habr[Перевод] DPoP: что это такое, как работает и почему Bearer-токенов недостаточно
Bearer-токен работает слишком просто: кто его получил, тот и авторизован. Именно поэтому утечки токенов регулярно превращаются в реальные инциденты — от CI/CD до облачных хранилищ. В новом переводе от команды Spring АйО рассмотрим, как DPoP меняет эту модель, привязывая токен к ключу клиента, зачем это нужно backend-разработчику и как поднять рабочую реализацию на Keycloak и Quarkus.
https://habr.com/ru/companies/spring_aio/articles/1015544/
#java #kotlin #dpop #ci #cd #bearer #security #безопасность #безопасность_вебприложений #безопасность_в_сети
Markus EiseleBearer tokens are reusable. That’s the problem.
In Quarkus 3.32 you can now implement a custom DPoPNonceProvider and stop OAuth token replay attacks properly.
I built a full end-to-end example with:
- DPoP-bound tokens
- Nonce challenge-response
- Replay protection
- Keycloak Dev Services
Full walkthrough:
https://www.the-main-thread.com/p/quarkus-3-32-dpop-nonce-provider-java-replay-protection
Wednesday LinksWednesday Links - Edition 2026-03-11
https://dev.to/0xkkocel/wednesday-links-edition-2026-03-11-37bb
#java #jvm #http #springboot #dpop #quarkus #postgres #claude
https://dev.to/0xkkocel/wednesday-links-edition-2026-03-11-37bb
#java #jvm #http #springboot #dpop #quarkus #postgres #claude
Erik C. ThauvinDPoP: What It Is, How It Works, and Why Bearer Tokens Aren’t Enough
#bearer #cryptography #dpop #java #oauth #security #token
https://foojay.io/today/dpop-what-it-is-how-it-works-and-why-bearer-tokens-arent-enough/
Foojay.ioDPoP is one of the most exciting developments in the IAM (Identity and Access Management) space in recent years. Yet many backend developers either have not heard of it or are unsure what it actually changes. In this article, I will break down what DPoP is, what problem it solves, and walk through a working…...
#dpop #iam #keycloak #quarkus
https://foojay.io/today/dpop-what-it-is-how-it-works-and-why-bearer-tokens-arent-enough/
#dpop #iam #keycloak #quarkus
https://foojay.io/today/dpop-what-it-is-how-it-works-and-why-bearer-tokens-arent-enough/
damienbodBlogged: Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR
#dotnet #aspnetcode #oidc #oauth #par #dpop #identity #duende #aspire #oss #iam #swiyu
Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR
This post looks at implement client assertions in an ASP.NET Core application OpenID Connect client using OAuth Demonstrating Proof of Possession (DPoP) and OAuth Pushed Authorization Requests (PAR…
Blogged: Digital Authentication and Identity validation
https://damienbod.com/2025/12/20/digital-authentication-and-identity-validation/
#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity
