Proof-of-Possession

Proof-of-possession is a way to ensure that the client sending a request to the resource server possesses a particular cryptographic key. In other words, it is a way of proving the identity of the client.

Configure proof-of-possession to control which clients access your resources, or to mitigate against token theft; a malicious user with an access token must also present the cryptographic key to access the resources.