When using a client that requires Demonstrating Proof-of-Possession (DPoP), the request to get tokens results in the error:
use_dpop_nonce
- OpenID Connect/OAuth 2.0
- Demonstrating Proof-of-Possession (DPoP)
The integration is expected to make two calls to the /token endpoint to complete an OAuth flow with Demonstrating Proof-of-Possession (DPoP).
In the initial request to the /token endpoint, the Authorization Server responds with a use_dpop_nonce error and returns a dpop-nonce header in the response. The value of this dpop-nonce header must then be set as the nonce claim in the payload of the JWT sent in the DPoP header. Once the DPoP proof JWT in the request to the /token endpoint carries a valid nonce, the Authorization Server can issue tokens.
NOTE: For Service applications, the Require Demonstrating Proof of Possession (DPoP) header in token requests will be enabled by default during client creation.
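The two-call exchange described above, as an added example that is not part of the original article or any vendor SDK. It assumes an ES256 key, a placeholder token URL (https://as.example/token), and a constructed in-process stand-in for the Authorization Server so that it runs offline; makeProof, requestTokens and fakeTokenEndpoint are hypothetical names.

```javascript
// Added example (not vendor code). URL, nonce and token values are constructed placeholders.
const crypto = require("node:crypto");
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Build a DPoP proof JWT (ES256). `nonce` is omitted on the first attempt.
function makeProof(keys, htm, htu, nonce) {
  const header = { typ: "dpop+jwt", alg: "ES256", jwk: keys.publicKey.export({ format: "jwk" }) };
  const payload = { jti: crypto.randomUUID(), htm, htu, iat: Math.floor(Date.now() / 1000) };
  if (nonce) payload.nonce = nonce;
  const input = `${b64u(header)}.${b64u(payload)}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key: keys.privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Call /token; on use_dpop_nonce, retry once with the value of the dpop-nonce header.
function requestTokens(send, keys, tokenUrl) {
  let res = send({ DPoP: makeProof(keys, "POST", tokenUrl) });
  if (res.status === 400 && res.body.error === "use_dpop_nonce") {
    const nonce = res.headers["dpop-nonce"];
    if (!nonce) throw new Error("use_dpop_nonce without a dpop-nonce header");
    res = send({ DPoP: makeProof(keys, "POST", tokenUrl, nonce) });
  }
  if (res.status !== 200) throw new Error(`token request failed: ${res.body.error}`);
  return res.body;
}

// Constructed stand-in for the Authorization Server: checks the proof signature and nonce.
function fakeTokenEndpoint(expectedNonce) {
  const calls = [];
  const send = (headers) => {
    const [h, p, s] = headers.DPoP.split(".");
    const header = JSON.parse(Buffer.from(h, "base64url"));
    const payload = JSON.parse(Buffer.from(p, "base64url"));
    const pub = crypto.createPublicKey({ key: header.jwk, format: "jwk" });
    const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), { key: pub, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
    calls.push(payload);
    if (!ok) return { status: 400, headers: {}, body: { error: "invalid_dpop_proof" } };
    if (payload.nonce !== expectedNonce) return { status: 400, headers: { "dpop-nonce": expectedNonce }, body: { error: "use_dpop_nonce" } };
    return { status: 200, headers: {}, body: { token_type: "DPoP", access_token: "constructed-token" } };
  };
  return { send, calls };
}

function demo() {
  const keys = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const server = fakeTokenEndpoint("constructed-nonce-1");
  const tokens = requestTokens(server.send, keys, "https://as.example/token");
  return { tokens, calls: server.calls };
}
```

In a real integration the send function would be an HTTP POST to the /token endpoint; the retry is bounded to one attempt so a misbehaving server cannot cause a loop.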
