Proof of Possession

A new proof of possession mechanism, known as Depop, is being developed for application-layer security. This approach allows clients to sign JWTs that demonstrate possession of a private key, enhancing token security in OAuth without the complications of traditional MTLS. The method streamlines the process for browser applications, ensuring a smoother user experience while preventing unauthorized token use.