
"DPoP works as specified. The Web Crypto API works as specified. And yet the security guarantee that most teams assume they're getting from their combination doesn't exist in a browser context."
"Non-extractable CryptoKeys in IndexedDB do not prevent XSS exploitation; attackers can invoke crypto.subtle.sign() to proxy-sign DPoP proofs without ever extracting the private key."
"The Backend-for-Frontend (BFF) pattern is the current industry standard for browser-based sender-constrained tokens, shifting key material server-side at the cost of infrastructure overhead."
"No single pattern solves the storage paradox universally; architects must weigh deployment constraints, threat model, and operational maturity to choose."
DPoP (RFC 9449) defends against token replay by binding an access token to a client-held key pair: every request must carry a proof signed with that key, so a stolen token alone is useless. The specification says nothing about where a browser keeps the key, and that gap is where the trouble starts. Storing the private key as a non-extractable Web Crypto CryptoKey in IndexedDB does not stop an XSS payload: script running in the same origin can hand the key handle to crypto.subtle.sign() and mint valid DPoP proofs without ever reading the key bytes. The Backend-for-Frontend (BFF) pattern is the current industry standard for browser-based sender-constrained tokens; it moves the key (and the token) server-side, at the cost of extra infrastructure. Where a BFF is not feasible, holding the key only in memory rather than persisting it narrows the exposure window, since the key does not outlive the page session, although an injected script can still proxy-sign while the page is open. No single solution addresses the storage paradox universally; the choice depends on deployment constraints, the threat model, and operational maturity.
Read at InfoQ