Support for DPoP (Demonstration of Proof of Possession) based authentication
We are dealing with healthcare data, and API authentication requires a DPoP token, which is a signed JWT in a slightly different format, such as typ set to 'dpop+jwt' and the jwk included in the header. This is not supported by Pega, and though I think we can achieve this programmatically, it's not without hassle. OAuth 2.0 DPoP - Demonstrating Proof of Possession - RFC9449
Has anybody else implemented this and, if yes, what challenges have you faced? Also, do we know if Pega plans to have this in upcoming releases? We are also planning to request a hot fix to support this (will see how that goes).
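
The proof format described above (typ 'dpop+jwt', public jwk in the header), built with the plain JDK (9 or later) as an added example. It is not part of the original post and is not Pega code. The class name, method names and the example.test URL are hypothetical, and ES256 is assumed as the signing algorithm.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class DpopProofExample {  // hypothetical name, illustration only
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // JWK coordinates for P-256 must be exactly 32 bytes: drop the sign byte or left-pad.
    static String coord(BigInteger v) {
        byte[] raw = v.toByteArray(), out = new byte[32];
        int n = Math.min(raw.length, 32);
        System.arraycopy(raw, raw.length - n, out, 32 - n, n);
        return B64.encodeToString(out);
    }

    // htm/htu: method and URI (no query or fragment) of the request; inserted without JSON escaping.
    // accessToken: null for the token request, otherwise its SHA-256 goes in the "ath" claim.
    static String buildProof(KeyPair kp, String htm, String htu, String accessToken)
            throws GeneralSecurityException {
        ECPublicKey pub = (ECPublicKey) kp.getPublic();
        // Public key only: the header must never carry the private parameter "d".
        String jwk = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x\":\"" + coord(pub.getW().getAffineX())
                + "\",\"y\":\"" + coord(pub.getW().getAffineY()) + "\"}";
        String header = "{\"typ\":\"dpop+jwt\",\"alg\":\"ES256\",\"jwk\":" + jwk + "}";
        String claims = "{\"jti\":\"" + UUID.randomUUID() + "\",\"htm\":\"" + htm
                + "\",\"htu\":\"" + htu + "\",\"iat\":" + Instant.now().getEpochSecond();
        if (accessToken != null) {
            byte[] h = MessageDigest.getInstance("SHA-256")
                    .digest(accessToken.getBytes(StandardCharsets.US_ASCII));
            claims += ",\"ath\":\"" + B64.encodeToString(h) + "\"";
        }
        String signingInput = b64(header) + "." + b64(claims + "}");
        // JWS ES256 needs the raw 64-byte R||S signature, not Java's default DER encoding.
        Signature sig = Signature.getInstance("SHA256withECDSAinP1363Format");
        sig.initSign(kp.getPrivate());
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64.encodeToString(sig.sign());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        System.out.println(buildProof(gen.generateKeyPair(), "POST", "https://as.example.test/token", null));
    }
}
```

A fresh proof (new jti and iat) is needed for every request, signed with the same key pair the access token was bound to, so the private key has to be stored as carefully as any other client credential.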