Feature Request
Modern OAuth deployments are increasingly adopting DPoP (Demonstrating Proof-of-Possession) to reduce token replay risk and improve sender-constrained security.
For Android apps using AppAuth, implementing DPoP currently requires substantial custom logic outside the library, especially around key lifecycle, proof JWT generation, nonce handling, and header attachment coordination.
First-class Android support would make secure-by-default integrations easier, more consistent, and less error-prone across the ecosystem.
Feature Request
Modern OAuth deployments are increasingly adopting DPoP (Demonstrating Proof-of-Possession) to reduce token replay risk and improve sender-constrained security.
For Android apps using AppAuth, implementing DPoP currently requires substantial custom logic outside the library, especially around key lifecycle, proof JWT generation, nonce handling, and header attachment coordination.
First-class Android support would make secure-by-default integrations easier, more consistent, and less error-prone across the ecosystem.