The OAuth confirmation claim used to bind a token to a particular key or certificate, often via a JWK thumbprint. It gives the resource server a reference point for checking whether the caller presenting the token is the one originally authorised to use it.
Expanded Definition
The cnf claim, short for confirmation claim, is part of OAuth token binding. It tells a resource server which key or certificate was used to prove possession when the token was issued, so the token is not transferable by itself. In practice, the claim often carries a JWK thumbprint or another reference that can be matched against the presenter’s proof.
Definitions vary across vendors on how broadly “token binding” is implemented, but the security goal is consistent: reduce replay by making a token useful only alongside the correct proof material. This matters most for NHI workloads where a service account, agent, or workload identity presents credentials programmatically rather than through an interactive user session. The distinction from ordinary bearer tokens is critical because bearer tokens rely on possession alone, while cnf-based tokens require matching confirmation at use time. For implementation context, the OAuth 2.0 Proof-of-Possession Key Semantics specification describes the confirmation claim model that underpins this pattern.
The most common misapplication is treating a cnf claim as a generic metadata field, which occurs when teams issue tokens without enforcing proof-of-possession checks at the resource server.
Examples and Use Cases
Implementing cnf rigorously often introduces operational friction, because the caller must manage a stable proof key or certificate lifecycle alongside token issuance, requiring organisations to weigh replay resistance against added key-management complexity.
- A workload receives an access token that includes a cnf value derived from its client certificate, and the API accepts the token only when the presented certificate matches the claim.
- An agent obtains a short-lived token bound to a JWK thumbprint, reducing the blast radius if the token is copied from logs or memory.
- A platform team uses cnf with mTLS so that a service-to-service call can be validated against both transport identity and token confirmation.
- During NHI governance reviews, teams compare token issuance logs with proof material to confirm that service accounts are not using unbound bearer tokens. This is especially relevant when assessing secret exposure patterns discussed in The State of Secrets in AppSec and attack speed observations from LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- A federation gateway issues proof-of-possession tokens for a high-value API, while downstream services reject any token whose cnf reference does not align with the active key.
For broader identity control design, teams often map these patterns to the NIST Cybersecurity Framework 2.0 and related access controls.
Why It Matters in NHI Security
CNF claims matter because NHI tokens are frequently machine-readable, copied across automation layers, and reused in places where human detection is weak. Without confirmation binding, a leaked token can behave like a reusable bearer secret, which undermines Zero Trust assumptions and makes lateral movement easier after compromise. That risk is amplified when secrets are already hard to govern: NHIMG research in The State of Secrets in AppSec reports that the average time to remediate a leaked secret is 27 days, despite strong organisational confidence in secrets management. In agentic and service-to-service flows, a cnf claim helps ensure that the token alone is not enough for abuse.
Practitioners should treat cnf as one control in a wider proof-of-possession strategy that includes certificate lifecycle management, key rotation, and strict validation at the API boundary. It is also a strong fit for high-risk automation paths where exposed credentials can be exploited rapidly, as highlighted in LLMjacking: How Attackers Hijack AI Using Compromised NHIs. Organisations typically encounter the need for cnf only after a token replay, service impersonation, or compromised automation job has already forced an incident response review, at which point the term becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers binding tokens to proof material and reducing replay risk for NHIs. |
| NIST CSF 2.0 | PR.AC-1 | Identity proofing and access enforcement align with token confirmation checks. |
| NIST Zero Trust (SP 800-207) | Zero Trust requires continuous verification beyond bearer possession alone. |
Use proof-of-possession controls so stolen tokens cannot be replayed without the bound key.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 22, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
