identityserver-token-security

Official

Secure OAuth with PoP, PAR, and FAPI 2.0.

Author: DuendeSoftware
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Bearer access tokens are exposed to leakage and misuse. This Skill enables cryptographic binding of tokens to clients (via DPoP or mTLS) and supports advanced flows (PAR, JAR) to harden OAuth security and support regulatory compliance.

Core Features & Use Cases

  • Enable DPoP-based proof-of-possession token binding to client keys
  • Support mTLS token binding and certificate-based client authentication
  • Enable PAR and JAR to protect authorization parameters and requests
  • Align with FAPI 2.0 security requirements in Open Banking/regulated contexts
  • Use Case: Strengthen a Duende IdentityServer deployment for finance/health sectors requiring strong token binding

Quick Start

Configure your IdentityServer deployment to enable DPoP, PAR, JAR, and FAPI 2.0 features for sender-constrained tokens and compliance.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: identityserver-token-security
Download link: https://github.com/DuendeSoftware/duende-skills/archive/main.zip#identityserver-token-security

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.