Sender-constrained tokens using DPoP are now Generally Available on Enterprise plans
Support for sender-constraining tokens using Demonstrating Proof of Possession (DPoP), as defined in RFC 9449, is now generally available on Enterprise plans. DPoP binds tokens to the client application using asymmetric key cryptography. Additional features include replay protection and the ability to require DPoP for public clients or all clients. Multiple Auth0 SDKs have shipped with DPoP support for authentication, APIs/Resource Servers, and Management configurations.
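The binding and replay checks described above, as an added Node.js example based on RFC 9449 (not Auth0 SDK code): a client signs a DPoP proof, and a resource server validates it against the `cnf.jkt` thumbprint carried in the access token. The function names, the ES256-only restriction, the in-memory `jti` cache, and the sample token and URL are assumptions made for illustration.

```javascript
// Added example, not Auth0 code: DPoP proof creation and validation per RFC 9449 (ES256 only, by assumption).
const { createHash, createPublicKey, generateKeyPairSync, randomUUID, sign, verify } = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const sha256 = (v) => createHash('sha256').update(v).digest('base64url');
// RFC 7638 thumbprint of an EC JWK: hash of the required members in lexicographic order.
const jwkThumbprint = ({ crv, kty, x, y }) => sha256(JSON.stringify({ crv, kty, x, y }));

// Client: sign a proof for one HTTP request with the private key that never leaves the client.
function createProof(keyPair, htm, htu, accessToken) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: keyPair.publicKey.export({ format: 'jwk' }) };
  const claims = { jti: randomUUID(), htm, htu, iat: Math.floor(Date.now() / 1000), ath: sha256(accessToken) };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = sign('sha256', Buffer.from(input), { key: keyPair.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

const seenJti = new Set(); // in-memory replay cache for the demo; real servers need expiry and shared storage
// Resource server: cnfJkt is the cnf.jkt value from the validated access token. Returns 'ok' or a reason.
function validateProof(proof, htm, htu, accessToken, cnfJkt, maxAgeSec = 60) {
  const [h, p, s] = String(proof).split('.');
  let header, claims, valid;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
    const { kty, crv, d } = header.jwk;
    if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256' || kty !== 'EC' || crv !== 'P-256' || d) return 'bad header';
    const key = createPublicKey({ key: header.jwk, format: 'jwk' });
    valid = verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  } catch { return 'malformed'; }
  if (!valid) return 'bad signature';
  if (jwkThumbprint(header.jwk) !== cnfJkt) return 'key not bound to token';
  if (claims.htm !== htm || claims.htu !== htu) return 'wrong request';
  if (claims.ath !== sha256(accessToken)) return 'wrong access token';
  if (typeof claims.iat !== 'number' || Math.abs(Date.now() / 1000 - claims.iat) > maxAgeSec) return 'stale';
  if (typeof claims.jti !== 'string' || seenJti.has(claims.jti)) return 'missing or replayed jti';
  seenJti.add(claims.jti);
  return 'ok';
}

// Constructed scenario: a token bound to the client's key, then a replayed proof, a different key, a different method.
function demo() {
  const client = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const other = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const token = 'constructed-access-token', url = 'https://api.example.test/orders';
  const jkt = jwkThumbprint(client.publicKey.export({ format: 'jwk' }));
  const proof = createProof(client, 'GET', url, token);
  return [validateProof(proof, 'GET', url, token, jkt), validateProof(proof, 'GET', url, token, jkt),
    validateProof(createProof(other, 'GET', url, token), 'GET', url, token, jkt),
    validateProof(createProof(client, 'POST', url, token), 'GET', url, token, jkt)];
}
```

The `htu` check here is an exact string match; RFC 9449 compares the request URI without its query and fragment parts, so a production check normalizes both sides first.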
Fetched April 11, 2026