Integration of the generation of a JWT to allow demonstrating-proof-of-possession (DPoP)
Problem to solve
The security department is starting some work on rolling out a Demonstrating-proof-of-possession (DPoP) for Personal Access Tokens (PATs). We have determined that glab
would be a great fit to add the generation client-side for JWT required.
Proposal
We are still exploring if we are going to integrate parts of go-dpop
by forking it and adapting it to our specification
Further details
Product security engineering will start some work around implementing that feature into glab
.