Live Lab: Use Possession-proof Tokens to Protect Your Apps with Okta

Unauthorized use of tokens due to token theft is dangerous and detrimental to our software applications. Single Page Applications (SPA) can be vulnerable to token exfiltration attacks, but your application security depends on legitimate token use to grant access levels appropriately. Leverage the OAuth 2.0 Demonstrating Proof of Possession (DPoP) spec to add an extra protection mechanism on access tokens. DPoP increases identity security for sensitive resources, such as calling Okta management APIs, and is becoming a requirement for specific industries. This lab upgrades a Single Page Application (SPA) using an OAuth 2.0 Bearer access token into a more secure DPoP token.