---
title: Proof-of-possession
description: Proof-of-possession is a way to ensure that the client sending a request to the resource server possesses a particular cryptographic key. In other words, it is a way of proving the identity of the client.
component: pingoneaic
page_id: pingoneaic:am-oauth2:oauth2-proof-of-possession
canonical_url: https://docs.pingidentity.com/pingoneaic/am-oauth2/oauth2-proof-of-possession.html
keywords: ["OAuth 2.0", "JWK", "Authorization", "Cryptographic Keys"]
page_aliases: ["oauth2-guide:oauth2-proof-of-possession.adoc"]
---

# Proof-of-possession

Proof-of-possession is a way to ensure that the client sending a request to the resource server possesses a particular cryptographic key. In other words, it is a way of proving the identity of the client.

Configure proof-of-possession to control which clients access your resources, or to mitigate against token theft; a malicious user with an access token must also present the cryptographic key to access the resources.

Advanced Identity Cloud supports [JWK-based proof-of-possession](oauth2-PoP-JWK.html).