Bearer tokens are reusable. That’s the problem.

In Quarkus 3.32 you can now implement a custom DPoPNonceProvider and stop OAuth token replay attacks properly.

I built a full end-to-end example with:
- DPoP-bound tokens
- Nonce challenge-response
- Replay protection
- Keycloak Dev Services

Full walkthrough:
https://www.the-main-thread.com/p/quarkus-3-32-dpop-nonce-provider-java-replay-protection

#Quarkus #Java #OAuth2 #DPoP #APISecurity