mTLS-bound tokens (RFC 8705)
RU: mTLS-bound токены (RFC 8705)
Certificate-bound access tokens (RFC 8705): an OAuth 2.0 mechanism that binds an access token to the client's mTLS certificate by embedding a SHA-256 thumbprint of the certificate in the token's cnf claim. The resource server verifies that the certificate presented during the mTLS handshake matches the thumbprint, so a stolen bearer token is useless without the corresponding private key.
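The resource-server check described above, as an added example (not code from RFC 8705 or from any particular library). It assumes the token's signature and expiry were already validated and that the TLS layer supplies the client certificate in DER form (in Python, for instance, via ssl.SSLSocket.getpeercert(binary_form=True)); the function names and the sample byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# The thumbprint is a hash over the raw DER bytes, so any bytes show the logic.
CLIENT_CERT_DER = b"constructed stand-in for the client's DER certificate"
OTHER_CERT_DER = b"constructed stand-in for a different certificate"


def cert_thumbprint(der_cert: bytes) -> str:
    """Return base64url(SHA-256(DER certificate)) without '=' padding."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def is_bound_to_cert(claims: dict, der_cert: Optional[bytes]) -> bool:
    """True only if the token's cnf thumbprint matches the presented certificate.

    `claims` is the already-verified token payload (assumption: signature,
    issuer, audience and expiry were checked before this call).
    """
    if not der_cert:
        return False  # no client certificate was presented on this connection
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or not expected:
        # Token carries no certificate binding: reject rather than
        # silently treating it as a plain bearer token.
        return False
    actual = cert_thumbprint(der_cert)
    # Constant-time comparison of the two thumbprint strings.
    return hmac.compare_digest(expected.encode(), actual.encode())


if __name__ == "__main__":
    token = {"sub": "client-1", "cnf": {"x5t#S256": cert_thumbprint(CLIENT_CERT_DER)}}
    print("same certificate:     ", is_bound_to_cert(token, CLIENT_CERT_DER))
    print("different certificate:", is_bound_to_cert(token, OTHER_CERT_DER))
    print("no cnf claim:         ", is_bound_to_cert({"sub": "client-1"}, CLIENT_CERT_DER))
```

The thumbprint only proves which certificate the token was issued for; possession of the private key is proven by the mTLS handshake itself, so this check must run on the same connection that carried the request.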