<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-mcguinness-oauth-token-exchange-cnf-00" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Token Exchange cnf">Confirmation Response Parameter for OAuth 2.0 Token Exchange</title>
    <seriesInfo name="Internet-Draft" value="draft-mcguinness-oauth-token-exchange-cnf-00"/>
    <author initials="K." surname="McGuinness" fullname="Karl McGuinness">
      <organization>Independent</organization>
      <address>
        <email>public@karlmcguinness.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="19"/>
    <area>Security</area>
    <workgroup>Web Authorization Protocol</workgroup>
    <keyword>oauth</keyword>
    <keyword>token exchange</keyword>
    <keyword>confirmation</keyword>
    <keyword>dpop</keyword>
    <keyword>mtls</keyword>
    <keyword>proof of possession</keyword>
    <abstract>
      <?line 48?>

<t>This specification defines a <tt>cnf</tt> response parameter for the OAuth 2.0
Token Exchange (RFC 8693) response. The parameter carries the
confirmation method that the authorization server applied to the issued
token, enabling clients to verify that sender-constraint binding (for
example a DPoP key or mutual-TLS client certificate) was performed
without inspecting the issued token. This is useful for opaque tokens,
encrypted tokens, or any other case where the client cannot read the
issued token's <tt>cnf</tt> claim directly.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-mcguinness-oauth-token-exchange-cnf/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Web Authorization Protocol Working Group mailing list (<eref target="mailto:oauth@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/oauth/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/oauth/"/>.
      </t>
    </note>
  </front>
  <middle>
    <?line 59?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>OAuth 2.0 Token Exchange <xref target="RFC8693"/> defines a protocol for exchanging
one security token for another. The Token Exchange request can convey
inputs that trigger the authorization server to issue a
sender-constrained token: a DPoP proof <xref target="RFC9449"/> in the request
header, a mutual-TLS client certificate <xref target="RFC8705"/>, or a future
sender-constraint method.</t>
      <t>When the authorization server applies sender-constraining to the issued
token, the primary signal to the client is the <tt>cnf</tt> claim
(<xref target="RFC7800"/>) inside the issued token. For JWT-formatted tokens the
client can read, this works. The signal fails in three deployment
shapes:</t>
      <ol spacing="normal" type="1"><li>
          <t><strong>Opaque tokens.</strong> The issued token is an unstructured string and
the client cannot read any claim from it.</t>
        </li>
        <li>
          <t><strong>Encrypted tokens.</strong> The issued token is a JWE encrypted to a
downstream consumer (such as a Resource Authorization Server
<xref target="I-D.ietf-oauth-identity-assertion-authz-grant"/>), and the client
does not hold the decryption key.</t>
        </li>
        <li>
          <t><strong><tt>token_type</tt> is "N_A".</strong> <xref section="2.2.1" sectionFormat="of" target="RFC8693"/> requires the
<tt>token_type</tt> response parameter to be <tt>N_A</tt> when the issued token
is not used directly as an access token. Existing sender-constraint
methods, such as DPoP <xref target="RFC9449"/>, rely on <tt>token_type</tt> carrying
the binding method (<tt>token_type: "DPoP"</tt>), and that signal is
unavailable here.</t>
        </li>
      </ol>
      <t>Without a protocol-level signal in the Token Exchange response, an
authorization server that silently fails to apply sender-constraining
(by error or by misbehavior) can downgrade the issued token without
the client noticing.</t>
      <t>This document closes the gap by adding an optional <tt>cnf</tt> parameter to
the Token Exchange response. The parameter carries the same
confirmation structure that <xref target="RFC7800"/> defines for the <tt>cnf</tt> claim. The
client verifies the response <tt>cnf</tt> against the key or certificate it
provided in the request, the same way it would verify the in-token
<tt>cnf</tt> claim, and treats absence (when sender-constraining was
expected) as a downgrade.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in <xref target="BCP14"/> (<xref target="RFC2119"/>) (<xref target="RFC8174"/>) when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document uses the terms "access token," "authorization
server," "client," "resource server," and "token endpoint" defined
by OAuth 2.0 <xref target="RFC6749"/>. The "issued token" is the token returned
in the <tt>access_token</tt> member of a Token Exchange response
(<xref section="2.2.1" sectionFormat="of" target="RFC8693"/>).</t>
      <t>A "confirmation method" is a sender-constraint binding mechanism
registered in the "JWT Confirmation Methods" registry established
by <xref target="RFC7800"/>, such as the JWK SHA-256 Thumbprint (<tt>jkt</tt>) defined
in <xref target="RFC9449"/> and the X.509 Certificate SHA-256 Thumbprint
(<tt>x5t#S256</tt>) defined in <xref target="RFC8705"/>.</t>
    </section>
    <section anchor="cnf-response-parameter">
      <name>Confirmation Response Parameter</name>
      <t>This specification adds the following optional parameter to the
Token Exchange response defined in <xref section="2.2" sectionFormat="of" target="RFC8693"/>:</t>
      <dl>
        <dt><tt>cnf</tt>:</dt>
        <dd>
          <t><bcp14>OPTIONAL</bcp14>. A JSON object containing one or more confirmation
members as defined in <xref section="3" sectionFormat="of" target="RFC7800"/>. The value
identifies the confirmation method that the authorization server
applied to the issued token, allowing the client to verify the
sender-constraint binding without inspecting the issued token.</t>
        </dd>
      </dl>
      <t>The parameter's structure and member names are those of the <tt>cnf</tt>
JWT claim <xref target="RFC7800"/>; this document defines no new confirmation
methods. Conveying a token's confirmation outside the token follows
the precedent of token introspection (<xref section="3.2" sectionFormat="of" target="RFC8705"/>;
<xref section="6.2" sectionFormat="of" target="RFC9449"/>).</t>
      <t>The parameter describes only the issued token, not any
<tt>refresh_token</tt> returned in the same response. It is defined only
for Token Exchange responses; its
use with other grant types is out of scope. Clients that do not
support this specification ignore unrecognized response members
(<xref section="5.1" sectionFormat="of" target="RFC6749"/>).</t>
      <section anchor="cnf-comparison">
        <name>Relationship to the In-Token <tt>cnf</tt> Claim</name>
        <t>When the issued token is a JWT carrying a <tt>cnf</tt> claim, the <tt>cnf</tt>
response parameter <bcp14>MUST</bcp14> represent the same confirmation as that
claim: the same confirmation member name(s) identifying the same
key or certificate. The parameter does not replace the claim; the
client verifies the binding from the response while the token's
consumer validates it from the token itself. A client that can read
the issued token's <tt>cnf</tt> claim <bcp14>MUST</bcp14> reject the response if the two
values do not represent the same confirmation.</t>
        <t>Wherever this document compares two <tt>cnf</tt> values (a response
parameter against an in-token claim, or against the client's
sender-constraint input), the comparison is by confirmation method
and value, not by byte representation:</t>
        <ul spacing="normal">
          <li>
            <t>JSON member ordering and insignificant whitespace are ignored.</t>
          </li>
          <li>
            <t>A thumbprint member (for example <tt>jkt</tt> or <tt>x5t#S256</tt>) is compared
as the base64url-encoded string it represents.</t>
          </li>
          <li>
            <t>A full public key in a <tt>jwk</tt> member is compared against a
thumbprint by computing the key's JWK SHA-256 Thumbprint
(<xref target="RFC7638"/>).</t>
          </li>
        </ul>
        <t>These rules avoid a dependency on any particular JSON
canonicalization scheme.</t>
      </section>
    </section>
    <section anchor="as-behavior">
      <name>Authorization Server Behavior</name>
      <t>When the authorization server applies sender-constraining to the
token it issues in response to a Token Exchange request:</t>
      <ul spacing="normal">
        <li>
          <t>It <bcp14>MUST</bcp14> include the <tt>cnf</tt> parameter in the Token Exchange
response.</t>
        </li>
        <li>
          <t>The confirmation member name and value <bcp14>MUST</bcp14> identify the
confirmation method actually applied to the issued token.</t>
        </li>
        <li>
          <t>The <tt>cnf</tt> parameter <bcp14>SHOULD</bcp14> contain exactly one confirmation
member and <bcp14>MUST NOT</bcp14> contain a member identifying a binding that
was not applied.</t>
        </li>
      </ul>
      <t>When the authorization server does not apply sender-constraining to
the issued token, it <bcp14>MUST NOT</bcp14> include the <tt>cnf</tt> parameter in the
response.</t>
      <t>When the authorization server receives sender-constraint input (for
example a DPoP proof header or a mutual-TLS client certificate) but
does not apply the binding, it <bcp14>SHOULD</bcp14> reject the request with an
error response (<xref section="2.2.2" sectionFormat="of" target="RFC8693"/>) rather than issue an
unbound token. If it issues the token anyway, omitting <tt>cnf</tt>
signals the downgrade to the client.</t>
    </section>
    <section anchor="client-behavior">
      <name>Client Behavior</name>
      <t>A client that provides sender-constraint input in a Token Exchange
request (for example a DPoP proof or a mutual-TLS client
certificate) <bcp14>MUST</bcp14> validate the Token Exchange response as follows:</t>
      <ol spacing="normal" type="1"><li>
          <t>The client <bcp14>MUST</bcp14> treat a <tt>cnf</tt> value that is not a JSON object,
or is an empty JSON object, as if <tt>cnf</tt> were absent.</t>
        </li>
        <li>
          <t>If the response does not contain a <tt>cnf</tt> parameter (or contains
one treated as absent per the previous rule), the client <bcp14>MUST</bcp14>
treat the issued token as not sender-constrained. A client that
requires sender-constraining <bcp14>MUST</bcp14> reject the response and not
use the issued token.</t>
        </li>
        <li>
          <t>Otherwise, the client <bcp14>MUST</bcp14> verify that <tt>cnf</tt> contains the
confirmation member corresponding to its sender-constraint
input and that the member's value matches that input:  </t>
          <ul spacing="normal">
            <li>
              <t>For a DPoP proof: a <tt>jkt</tt> member whose value equals the JWK
SHA-256 Thumbprint (<xref target="RFC7638"/>) of the public key in the
DPoP proof JWT.</t>
            </li>
            <li>
              <t>For a mutual-TLS client certificate: an <tt>x5t#S256</tt> member
whose value equals the base64url-encoded SHA-256 hash of the
certificate's DER encoding (<xref target="RFC8705"/>).</t>
            </li>
          </ul>
          <t>
If the corresponding member is absent or its value does not
match, the client <bcp14>MUST</bcp14> reject the response and not use the
issued token. The client <bcp14>MUST</bcp14> ignore any other confirmation
members.</t>
        </li>
      </ol>
      <t>Absence of <tt>cnf</tt> indicates either a downgrade (intentional or
otherwise) or an authorization server that does not implement this
specification; the rules above treat both the same.</t>
      <t>A client that did not provide sender-constraint input but receives
a response containing <tt>cnf</tt> holds a token bound to the identified
key or certificate. If the client holds that key or certificate
(for example, the certificate it used for mutual-TLS client
authentication), it <bcp14>MAY</bcp14> use the issued token and <bcp14>SHOULD</bcp14> satisfy the
confirmation method when presenting it. Otherwise the issued token
is unusable, and the client <bcp14>SHOULD</bcp14> treat the response as an error.</t>
    </section>
    <section anchor="examples">
      <name>Examples</name>
      <t>The examples in this section illustrate the <tt>cnf</tt> response parameter
for different confirmation methods. Extra line breaks in request
bodies and header fields are for display purposes only.</t>
      <section anchor="dpop-bound-token">
        <name>DPoP-Bound Token</name>
        <t>A client includes a DPoP proof header <xref target="RFC9449"/> in a Token
Exchange request for an Identity Assertion JWT Authorization Grant
(ID-JAG) <xref target="I-D.ietf-oauth-identity-assertion-authz-grant"/>. Because
<tt>token_type</tt> is <tt>N_A</tt> for an ID-JAG, it cannot signal the binding;
the authorization server instead includes <tt>cnf</tt> with a <tt>jkt</tt> member
in the response.</t>
        <sourcecode type="http"><![CDATA[
POST /oauth2/token HTTP/1.1
Host: as.example
Content-Type: application/x-www-form-urlencoded
DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7...

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange
&requested_token_type=
 urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aid-jag
&audience=https%3A%2F%2Fras.example%2F
&subject_token=eyJraWQiOiJzMTZ0cVNtODhwREo4VGZCXzdrSEtQ...
&subject_token_type=
 urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aid_token
]]></sourcecode>
        <sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store

{
  "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
  "access_token": "eyJ0eXAiOi...",
  "token_type": "N_A",
  "expires_in": 300,
  "cnf": {
    "jkt": "0ZcOCORZNYy-DWpqq30jZyJGHTN0d2HglBV3uiguA4I"
  }
}
]]></sourcecode>
        <t>The client compares the <tt>jkt</tt> value to the JWK SHA-256 Thumbprint
of its DPoP public key and rejects the response on mismatch.</t>
      </section>
      <section anchor="mutual-tls-bound-token">
        <name>Mutual-TLS-Bound Token</name>
        <t>A client establishes a mutual-TLS connection to the token endpoint
and presents a client certificate. The authorization server applies
the binding and includes <tt>cnf</tt> with an <tt>x5t#S256</tt> member <xref target="RFC8705"/>
in the response.</t>
        <sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store

{
  "issued_token_type":
    "urn:ietf:params:oauth:token-type:access_token",
  "access_token": "mF_9.B5f-4.1JqM",
  "token_type": "Bearer",
  "expires_in": 3600,
  "cnf": {
    "x5t#S256": "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2"
  }
}
]]></sourcecode>
      </section>
      <section anchor="no-sender-constraint-applied">
        <name>No Sender-Constraint Applied</name>
        <t>The client did not supply a DPoP proof or a mutual-TLS client
certificate. The authorization server issues an unbound token and
omits <tt>cnf</tt>.</t>
        <sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store

{
  "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
  "access_token": "eyJ0eXAiOi...",
  "token_type": "N_A",
  "expires_in": 300
}
]]></sourcecode>
        <t>A client that provided sender-constraint input treats this token as
unbound and, if it requires sender-constraining, rejects the
response (<xref target="client-behavior"/>).</t>
      </section>
    </section>
    <section anchor="security">
      <name>Security Considerations</name>
      <section anchor="the-response-parameter-is-informational">
        <name>The Response Parameter Is Informational</name>
        <t>The <tt>cnf</tt> response parameter is informational. Authoritative
enforcement of the binding occurs when the issued token is
presented to its consumer (a resource server or another
authorization server), which validates the token's <tt>cnf</tt> claim
against the presenter's proof. A verified response <tt>cnf</tt> tells the
client only that the authorization server did not downgrade
issuance, not that the token's consumer will enforce the binding;
both checks are needed end-to-end.</t>
        <t>This check defends against an authorization server that fails to
apply sender-constraining through error or misconfiguration. It
does not defend against a malicious authorization server, which
issues the token and controls its contents entirely. Protection
against a hostile issuer is out of scope for this document.</t>
      </section>
      <section anchor="tls-for-the-response">
        <name>TLS for the Response</name>
        <t>TLS, already required for the token endpoint by
<xref section="3.2" sectionFormat="of" target="RFC6749"/>, prevents an on-path attacker from
stripping or modifying the <tt>cnf</tt> parameter to suppress the binding
signal.</t>
      </section>
      <section anchor="replay-and-freshness">
        <name>Replay and Freshness</name>
        <t>This specification does not itself prevent replay of the response
<tt>cnf</tt> value. The replay protections of the underlying
sender-constraint method continue to apply: the DPoP nonce and
<tt>jti</tt> (<xref target="RFC9449"/>) and, for mutual TLS, the live TLS session.</t>
      </section>
      <section anchor="disclosure">
        <name>Disclosure</name>
        <t>The <tt>cnf</tt> response parameter discloses the binding method and a key
or certificate thumbprint only to the client that initiated the
request, which already holds the corresponding key material. A
thumbprint is a one-way hash and reveals no additional personal
data, though it is a stable correlator for the bound key.</t>
        <t>Authorization servers <bcp14>SHOULD</bcp14> use a thumbprint member (such as
<tt>jkt</tt>) rather than a full <tt>jwk</tt> member: the client can recompute
the thumbprint from the key it already holds, so a full key
discloses more material than verification requires and enlarges the
response.</t>
      </section>
    </section>
    <section anchor="iana">
      <name>IANA Considerations</name>
      <t>IANA is requested to register the following parameter in the "OAuth
Parameters" registry <xref target="IANA.oauth-parameters"/> established by
<xref target="RFC6749"/>:</t>
      <ul spacing="normal">
        <li>
          <t>Parameter Name: <tt>cnf</tt></t>
        </li>
        <li>
          <t>Parameter Usage Location: token response</t>
        </li>
        <li>
          <t>Change Controller: IETF</t>
        </li>
        <li>
          <t>Specification Document(s): <xref target="cnf-response-parameter"/> of this document</t>
        </li>
      </ul>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC7638">
          <front>
            <title>JSON Web Key (JWK) Thumbprint</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>This specification defines a method for computing a hash value over a JSON Web Key (JWK). It defines which fields in a JWK are used in the hash computation, the method of creating a canonical form for those fields, and how to convert the resulting Unicode string into a byte sequence to be hashed. The resulting hash value can be used for identifying or selecting the key represented by the JWK that is the subject of the thumbprint.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7638"/>
          <seriesInfo name="DOI" value="10.17487/RFC7638"/>
        </reference>
        <reference anchor="RFC7800">
          <front>
            <title>Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="April" year="2016"/>
            <abstract>
              <t>This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of- possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7800"/>
          <seriesInfo name="DOI" value="10.17487/RFC7800"/>
        </reference>
        <reference anchor="RFC8693">
          <front>
            <title>OAuth 2.0 Token Exchange</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="A. Nadalin" initials="A." surname="Nadalin"/>
            <author fullname="B. Campbell" initials="B." role="editor" surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <date month="January" year="2020"/>
            <abstract>
              <t>This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8693"/>
          <seriesInfo name="DOI" value="10.17487/RFC8693"/>
        </reference>
        <reference anchor="RFC8705">
          <front>
            <title>OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens</title>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8705"/>
          <seriesInfo name="DOI" value="10.17487/RFC8705"/>
        </reference>
        <reference anchor="RFC9449">
          <front>
            <title>OAuth 2.0 Demonstrating Proof of Possession (DPoP)</title>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Waite" initials="D." surname="Waite"/>
            <date month="September" year="2023"/>
            <abstract>
              <t>This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9449"/>
          <seriesInfo name="DOI" value="10.17487/RFC9449"/>
        </reference>
        <reference anchor="IANA.oauth-parameters" target="https://www.iana.org/assignments/oauth-parameters">
          <front>
            <title>OAuth Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
        <referencegroup anchor="BCP14" target="https://www.rfc-editor.org/info/bcp14">
          <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119">
            <front>
              <title>Key words for use in RFCs to Indicate Requirement Levels</title>
              <author fullname="S. Bradner" initials="S." surname="Bradner"/>
              <date month="March" year="1997"/>
              <abstract>
                <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
              </abstract>
            </front>
            <seriesInfo name="BCP" value="14"/>
            <seriesInfo name="RFC" value="2119"/>
            <seriesInfo name="DOI" value="10.17487/RFC2119"/>
          </reference>
          <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174">
            <front>
              <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
              <author fullname="B. Leiba" initials="B." surname="Leiba"/>
              <date month="May" year="2017"/>
              <abstract>
                <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
              </abstract>
            </front>
            <seriesInfo name="BCP" value="14"/>
            <seriesInfo name="RFC" value="8174"/>
            <seriesInfo name="DOI" value="10.17487/RFC8174"/>
          </reference>
        </referencegroup>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.ietf-oauth-identity-assertion-authz-grant">
          <front>
            <title>Identity Assertion JWT Authorization Grant</title>
            <author fullname="Aaron Parecki" initials="A." surname="Parecki">
              <organization>Okta</organization>
            </author>
            <author fullname="Karl McGuinness" initials="K." surname="McGuinness">
              <organization>Independent</organization>
            </author>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <date day="21" month="May" year="2026"/>
            <abstract>
              <t>   This specification provides a mechanism for an application to use an
   identity assertion to obtain an access token for a third-party API by
   coordinating through an identity provider that the downstream
   Resource Authorization Server already trusts for single sign-on
   (SSO), using Token Exchange [RFC8693] and JWT Profile for OAuth 2.0
   Authorization Grants [RFC7523].  This pattern is informally referred
   to as Cross-App Access (XAA).

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-identity-assertion-authz-grant-04"/>
        </reference>
      </references>
    </references>
    <?line 424?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The gap addressed by this specification was identified during work on
"OAuth Identity Assertion Authorization Grant"
<xref target="I-D.ietf-oauth-identity-assertion-authz-grant"/>, where the
combination of <tt>token_type: "N_A"</tt> (mandated by <xref target="RFC8693"/>) and
optional ID-JAG encryption removed the existing client-side path for
detecting sender-constraint downgrade.</t>
    </section>
    <section numbered="false" anchor="document-history">
      <name>Document History</name>
      <aside>
        <t>[[ To be removed from the final specification ]]</t>
      </aside>
      <t>-00</t>
      <ul spacing="normal">
        <li>
          <t>Initial draft.</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA8Vba3PbNtb+jl+BV53t2hlTke0kTZRNdx3bSZSLncZO06bb
iSESkhhTJEuQVlSP+9v3XAASlChnuzvz7kwmlngBDs71ORcFQSDKuEz0UPYO
s3QSF3NVxlkq32mTZ6nR8q0q1FyXupCTrJCnB1U5k3v9gTzPLnUqj7+EM5VO
dU+o8bjQV7BM+4YM00lPhKrU06xYDqUpIxHnxVCWRWXKvcHg0WBPiCgLU9hl
KKNCTcpgHk6rOE21MUGmYMOgxDUDbdcMYM1gMBCmGs9jY4DccpnDy6Pj82ci
RKpTUxnaQgsgaV+oQisg7UyHVRGXy55YZMXltMiqHK5+0GOJx8qK+Hc+/Nsi
K7MwS3riUi/h0WgoZCCJFPxA1EhHDV4JPdbh9yjPcvw7LxODf/MiyyYS/uWZ
MZpIFlc6rTQsLP8dOqTkI/Y+AOFxOpXP8SW8PldxAteJuH/Eupz0s2KKN1QR
zuDGrCxzM7x7F5/DS/GV7rvH7uKFu+MiWxh9l1a42xNCEQ14ZFhFykmVJCyc
3itVJPJN+NwKp0f34zQuY5UYvN/nS6Yq7BurD8OmKrXHg9ujNNK5hv/Sku9r
e5y8Gidx+I9L2LBRhn6YzYG+NCNOXxHz3j07fPDdvUf243cP9h+6jw8HA/vx
4YNH++7jd4P79uOje/za6ODkoM9qljtdN0Mh4nTibzQKjohvViNjpBlUKVAg
0AKPE+D134NpodISXg/AsvA/qcamLFRYCnE+i400uQ7jSRyyhCM9ieFoUskL
UOoLWTizy1tmV850Y3pixcK24DASz7hdv96X5zN/jVAVRQzbwDrC11UJt2dZ
BNdVSZuolv7Bya7gbZXnSazhqYyeAZOrdCTICnakThWICjQyhGfS0uBT8FI8
WfKqBsVbBGiWwIY4LeU4TiN8YQtOJvQXNc8T2Fgevc3eSrA30BE5r8pKJcH5
6zO7rAyRycQ2vS0XyshcFygfIGQRA81VCYqIvC1x6YZMNlbkB/Ae/lVGg0IT
U7Nc/VZpfsDsCJ2GxTIv3StmBwlRKdADqyELQSoL+KRpdUeWStOsBL6riJjr
b/pXY4UaJiqeyygugLpk2We1mMdRlGghvpGjtCyyqArJeYhNHlZeX1tVvrnx
1Ca3LoJOZF0ScEBkqQbWs7uzDmtC56HTsH6sbFBoYIehM6FDu9JLsIG8QpGS
ehTxdKqLzWoCgqfjSyVWhe5YMnRyZodIR0I7hCPFKa1siRAz4KguduD5W3XB
cgWs+uaGBQb+qqwKvUZCaXUd2P9hptOvabtZU1zSqy4LwCt5Ec9VsZQmnqYq
cc9ZemMyPF8ZxBbRjT7q5mYbNRf8SYfWPoMTvfxwHrAnanSTDblWQdI/JAR2
wshmWL6WmAm4VMP8LbQG3cmTbDmHV4WZqVyjr9vtyzt3Tn176N+5Q2v49OBB
YLMKGQLqClyOIJ4XyBiVRui/N1gGWhEbwaTI5jIuQQh7uOXxis1t3BW4cCx9
CwUlg/2ibIHEaDVHjTXVHOS3ZapwJhW+BCAmq4pQr4TVMxI0vn99/afcOshq
B4/qnZOpAHXBw86yhO9FmijFzcCjwWn38bQXdJ5PGMkv8FS9k08HPTzy9fWZ
JvMHu9/r7yJQaGwdLQJcB8scdmut0hEvgDdjUDZY+wL9VbqmVrhIzASDN4xq
x0Q8S6UKQ4i1TgOPv8SGXOqaPeEybFLgKh3Pybg9s94BCmFlOFmLbIxHS3RT
VmdcSLDhaMt7GMAALtq7qFmPQYU1Oza4QJWqKwQ3Ywgj6J/Rwm1IaPxjkOgr
ndQvMlfWHCAzEzcS3S6ON09A8HAqNizURXAZyy6HIbbGS6mLAqNNIeEz4NWx
nqmrOCu2yXJRg0G3Oqxf2rgmPKMCmcUhrNu3YAJwczUna0sywyoipyrHnVQU
sWFCnMMjwKnZAfmaIm7hwi0YQhq41gYStUtgHnnurQ5WDsh4fpD2cI6MUIPb
oVZsflpNgaGGMYrFCH4UiEsBgr4C641WAslOTS+ghiU8CA6yAiutIQq8nHJ+
ITzCrK6BZ4HwBwgOXA8ALTKnrrgAgASQDKIPHW2z76kFC7KCIH+IATVFVhla
+giZEtN3lCWfClMNcAtv3p+d93b4rzw5pc/vjn94P3p3fISfz14cvH5dfxD2
ibMXp+9fHzWfmjcPT9+8OT454pfhqmxdEr03Bz/3+MC907fno9OTg9c9ZqOv
YgplS74FjF8XeaHRE8PBI23CIh4z66+v/+/p4dvdeyB3jnF7u7uPMMbxt4e7
393Db8hJ3jJLwXT4KwhjKcCWtCpwKZUkoHR5XEJysYNMNTPgqTPxO78ge34d
yr+Nw3z33vf2Ap66ddExrnWRGLd+Ze1l5mTHpY5tapa2rq+wu03vwc+t7475
3sW//R2wtZbB7sO/fy9Wjb5yJg/imIPe+J57pwfffRcm2IXhdbY3/FS4AFnf
JC2wCW4KaSzIumctOBLgVhp4SvLE3Ovmhl1Fz/dePYd6eC1QFsgJYQlrnRdM
6ye6ewF+fz4GFwNxT21yRwiZNkfJbdCIAzjZem7TY/ywOQ2Za9wpNnNR6CkE
O100TqQH4Eu26iJvOOL1JD8MkA+cDGZAZsYM8jxfExZxrZcfXknQsmDv/gNg
VzUfA2YEMrYuPl+WF9s1j8mGGljs0MZP/fuDR/LQ83nra4mtiy/3y2/O4Gqz
oHQLMkiuvdGtpZ7rb7DE4ljf5MU3nUkshBo+4iRLkmyBTK1jTguXIILZIN42
uZ6gW2IGqEpOeiiG0llLXx7Il2enJzIbf4bXEAiW1i1jEoTZZAauq12isRpn
UDidO+/bfVmSrOBXKqkQgjFIrEPVn06osTjTlVJby0XHx1z0Ir+fVSMNm/X5
30mHOeTUsoFMtYnfqHHWHrGIY9jxzwBfIEvqAC7QNBjUeyr/eCVouNifZjLV
i7YQLHjsc2xcElqpM+cWU+E4dYLkclnkkRGce+lQo0iIPk4ZMKXm48PrnufY
bxSKzOGxaO49qO+x7W2vskm6SGc4aq1LDjE1JDviotAT0OyZ82/O/Tm/Qnik
AVojyhGdHuLaAsHSBlMxjwHGGFFhPQJkbesTlKBQlZDqHKgBcBgTZjlscOhq
M6iWUYZ0ClPleVaULLC2QQNIRpOpUuBsNk3j34Gq2lCt5fj++H7tjTkebJOX
+QY8S0ILmlmcO1UfpQGfi9HWIWsQ+ZswmwOvY5OlN16S3pULntcZRF05s7Ct
0c+O1IgAQqFBYQzZlJNES9kUs0nQgsMND3kGsmW2nUdYOmMjfLyOU1chdZ04
Ak2JCl1lCfZ97Gf4LWDszJwy6RZSXswgMWls5K9G1DkxeK44AgIMAuD6TcvS
0uhkgl7UuRpUEldVEKsiWKlqWZaS521RE7OvKBeZIL9prN59jf9cnyk0p1ut
HIfUA9mwyCwNduUt1cCEhrsuZ1BpDfGdlmRFK6PggwPD1r0qVcC2d6yjd/qJ
egixvsPzC3SfRBZ7A3hqvCx1c2oufQN+5aDlkE8B+9pCCpWDwOpQZ4ACECsI
Lkf1QE/MtollrDsgsrIBEnalLS4EclWVsAWe1gcGsXGsxJqNRSdjZfSDe1WR
BJDqZFFT2Yk9iRm7K7YEJJfoKW9BsA57LS5rJOft0cgBuxgNvcS/OXDXGQ2s
BMrVDZPgVVsye7D/sHbNoGZFlWCIusriCJMu200IqeSAZScgAVLmKoGUAvkt
gKVZCoxN6pAczvTcJmldZSL51Obr4KSUCVz2fvPflxGFsz+2LyrR1eaDVYUN
BVpSHggZZHpxGiaVDY2r+X1nlQM4WQceXOh8HcHUrk3Wymw3s27OYpAu4KNC
rNZiMWkzwqn3XSXY5lYWwaEWU10KYVwnfCP6XNZXv6ZqJfS8sqodJzl3ST0E
CtdM51fLwrWv3ljscfWUNiSIy4bCrwtLeLK5nR4EPfFVh4JZn9XZXuGyO9fW
uVr+lU7LuCrFysm9IESns0JrxQBuJBA6UangAlit2iuJXBvhb8tCEZ4BMaWu
n5CKKh1nVVrXxUcTz2yaUAYGv1BLcO/zuCS3wkiAi378oFdv82v0Ni1iDngW
z3d9q2+HSVt12iwF0scVC3T8abnqloS6RSNaoiGtcoH9tnImuniLl7nUf96k
FbQIlblqIMX2TqezVWLl51c7gtq4theg53m5bN3G3SD281oLbJdR+cyW/EeT
Nkqodasx3lXD2EIMxXep3IvegCim6pNdHduBthGjQVCVocDg4nZzVio403HX
oKX1B+utqxVohEvUNfkuN7AREqG3QuSNNWvT0e6hNsEpav8ixir0Cu2ttqrF
YJYvrjfQ5cjDrGAKIht6APB1V/NZY+siO27Pa0BYZq2AlSFc2jyCHgeNgjfv
UKfKV+EhIQJEH5aMBWWQvAxwz9kjhHtq/HeWRvyI75LPNuyw55a+8UB60G9R
dauPG6IaN/DIksuLbqB5HSs54mfKzCyhvIK3ETDx6PidpFeo/e1VZbaZYGsd
bYk1iMqqOhpf6STiDIi6MSiddbW5RRWdHnJLqN0vby9iU0KvH94OyC4txDqc
LZdnzgtgsAgp+9AxvetVx+UWVpNTWy2CiJU5/d/m/vuGXjMnstZ5xOhB52yg
MaB4P5l9zAdnmDjOrqzzkGPYqM5A+qt+PYqZP9a/b3TvEB/rSCyaLMQvQjEP
sDVoXH1DumDGPsCVk6LOlNEpBVPH6xCN6w8LP6JYRWh1SbjhN+masKCGFxLC
bNtm5HLwc6erIv2xgd/A88Ziwi5ESE0Tm0BwQuE5ufXmJM5opJXBbt5qr9Xt
2DhwP8RhNEKgwaH8mJlgIIZbfpgbLue4r3WHw1gwEidJhdItfYC2XkWg0kwU
TyYQ2ygrXTuywbYpLCSpdj8Gai8tuOfZhjE4AM1tIAvFQPikHoWWvLrJEwXJ
S1Xk1NfDklCfSiro54KnpD4U7j3FtejSdIK9lVELi0nE2vAHD4nIke2DywPX
B6eqSztBeo4lJ7E1OgpeHjzf/vPN9D4grVCBfonVzjh3rx0ttD7pox0qcFMW
DRJ9LDYCZcw9cQihZo+FJgROWzFK1K3DGoP/8ccfOEAn3p6CD+QRub27bAIv
zs/f3t3t74oXGeRkoIF9q1niMCOXFpxT+5oSDDaqu1+CxWJB0xwBhA8bPQRK
ayj18uVA/3QQn8YvL8Pnjxav9vL96HBkRvNn5uNy9GB0+eP5m8/v90bxIgbV
KUaf8+/6faCRuEm8e1IV6V/2D1AE8Ic01sAHIhv+0oMBPghf2iOV4lurADr6
1MjiiZC3r8iL2BXjKPispuJbVYF6QwB4QqOHcOMve8/gX9FwCL6Jb01FgJG3
ewKnL9SHH/D0v785/zgIfzwpT49mi3fH2b0fn388/On3qDg7Ln/AE7df/Y8o
5VdRvI2MnUDl3mAgT1/dIsbPBuIKMK4wunzy/vxZ8FAcKgBGAb5SZMkQYkdg
SgiYQlxDcLSdMY/e3lD2gOAhkjtkYodE6rAhdMgM7SHi7vn9Mny50RbgCD/S
Xh1nS+iy/pIjVP0U43v7gwFdxKncobwmkNIDE8A3Bh/D08PTdx9Pfl4GRx/y
337bH3z+uHz5/MX5ySDaezFNnv64X8XT6uDeCIc1b8QN88+DCk2JbuaKTzad
yG7pgYlsQoiGvVaD79BBMnhZmQlATxsbgjvsFd/U0WyDb2yadGYFEGZpav2/
pbHd/KR6nit/wavrAJKx0m01IOHXbbnA1+GKOlCo37i7xTn9/you68xXlbel
sJ0qPH/26VH/6f1JcK+/+/K3N11K/FSDNhVdevygS5Ed//DV8SJ8NdAm3D84
PNw/err38/1PyfGZ+en4YfYoKcPB/dOHjz5HJ0E03WtpM2jTSSbPGO8dNnjv
gOtELXV3KBFbKVjy+nMp/C2KYysbNGznFT5ozA6LG1Zz/mc68D9zXk5KnVWY
aCNMt4M8BPdctl/XlICpO1iyoEr35rx+x/dFwq9mrRaJbP9Lup8bYIMT+5cF
N8MAkrrJ3BvSN1SDjib8yMiRm0HH7IhVb+OcOM43+4/3HVoraYZdaLwZcppk
c2nnk7IQyDHd04I4ZGf9H1dzUfuaYUvKefwZEtlMGXfO0EFisZjF4czrSXkt
q9aQrN+icSRgLYIMDKsytjHmNSf59VInSWtG1rZrbxtyd7ZcZ6Y0y60Ax3Aj
p37b61AzDxaQOEjL3TYmpRwTTCu8ZGyfao1aCroVlFkAf9wcHz2DDWC4ZvzG
1ebk1w0filvq0bMiq6azZgARgialK9OKVRE7z015l7dvdpdzkFBIxbQuMqwc
RUcVNqL8F3yJcdpSUvjEdADnQfv0yxYOu6LZbwZAGluYtGKx2sW284NeR5Bj
PzpXN1pYW9H1N2ViEGgHcLkeZMEM8PUZDlhga3PpzD2q32/Hfjleiq7RAW5y
71CtkWFBChoW5ArDeFmq8BJTuiKbC+yh5TmZGI6hRF6LeH0Yk8JIQRNcjRLZ
4nXf9tMpLUQGP8PxAvxRTPfPSurKCDV3HaXcZ1468697pl7hl4OSfS6vpWTc
OxWqWUKzu5sm7Eneccqoj7STu+gUHNMMS0MYxy4+l/GFrYLZgQt2xU15QpK0
8N0EPBhJ2v56yibDoM9JZnDc/3bfGPGDKy1017JCpUfAKVamSr1mJTuQ1lS/
rYHij5/IM87qwr7zcE7NXM1mtbKHGBe8NTgx8tbC24/mHLJUBzi0SlVFBsNX
GouQaUbjvW7ESheG4gN4U4XsIqOP7SIEfO3OiYKwXis7Rz+eTz/oMHDj6i1Y
AVJdrWY73ibsCJvfuVHcJPabwkOfezxfwA1gTQDZW7+eUKAqb9lm5I40mVse
hdbIlua8HEOZDI4Q1irq6I681GmiiqluR3OO2/iLsPWYDUm3AgdCN4Gzdb6M
auEmB4noZgpurRXbo/FJUcd4f47w+rrzl2g3N/6EIbuk2gdRK7hBDCf0oztu
evnX3xs11fJ1Ftrf3bmZTGv+d+QhF4EsAkxQVvRjyjvyrOVXjqzn3TLbALqv
NwwJ3rCz8Dy14N88jcE1Up89vEyzRaKjKd404nqYVqghOnrSm4CC656t1eEs
O2g6OkU6u+wYVsJGblNClVFFYwv4MxgwIMEc76pnddSyeuJP17B2mt+ECdBm
cC12ZG3i/+LBQlpwd3PQPfIXblTUtT0J2rupSS55uR+8sO7Osyt2M1K732RY
4EmzcRR9sOUb6dKO/a076JWhdCdO+SJGwL/sFsT1UOEON+J7+c9f/vkL5NY4
BO4Iqm11EiPlbdn8+isIHlA7Dizwz0T5F7598S8QVrXIeTwAAA==

-->

</rfc>
