Token Binding
Definition
Token binding is a security mechanism used to enhance the protection of tokens, such as cookies or OAuth tokens, by binding them to a specific connection.
## How it works

When issuing a security token to a client that supports Token Binding, a server includes the client's Token Binding ID (or its cryptographic hash) in the token. Later on, when a client presents a security token containing a Token Binding ID, the server verifies that the ID in the token matches the ID of the Token Binding established with the client. In the case of a mismatch, the server rejects the token.

## Considerations

- While industry participation in the standards process is widespread, browser support remains limited.
- In practice, token-binding implementations are tied to Transport Layer Security (TLS).

Reference: RFC 8471, The Token Binding Protocol Version 1.0
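The issue-and-verify check described under "How it works", as an added example that is not D3FEND's or RFC 8471's own code. It assumes the Token Binding ID negotiated on the connection is available to the server as opaque bytes; the HMAC-signed token format, the `tbh` claim name, `SERVER_KEY` and the sample IDs are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side signing secret
CLIENT_TB_ID = b"constructed-token-binding-id-client"    # constructed sample
ATTACKER_TB_ID = b"constructed-token-binding-id-other"   # constructed sample


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, token_binding_id: bytes) -> str:
    """Issue a signed token carrying the SHA-256 hash of the Token Binding ID."""
    claims = {"sub": subject,
              "tbh": _b64(hashlib.sha256(token_binding_id).digest())}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def verify_token(token: str, connection_binding_id: bytes):
    """Return the claims if the token is authentic and bound to this
    connection's Token Binding ID; return None otherwise."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # forged or tampered token
        claims = json.loads(_unb64(payload))
        bound = _unb64(claims["tbh"])
    except (ValueError, KeyError, TypeError):
        return None  # malformed token
    presented = hashlib.sha256(connection_binding_id).digest()
    if not hmac.compare_digest(bound, presented):
        return None  # mismatch: token was issued for a different Token Binding
    return claims
```

A token replayed over a connection with a different Token Binding ID fails the second comparison even though its signature is valid, which is the rejection case the text describes.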
D3FEND™
A knowledge graph of cybersecurity countermeasures