leastprivilege.com
OAuth 2.0: The long Road to Proof-of-Possession Access Tokens
I did a lot of WS-Security in my (distant) past – and whenever we started looking into migrating to OAuth 2.0, there was this one thing on the security check-list that was missing in the OAuth worl…