OATHOAT
OATHOAT is a proposed framework intended to extend the OATH ecosystem by integrating one-time password generation with device attestation, enabling interoperable authentication tokens across services. The term has appeared in security discussions as a conceptual approach that combines existing OTP mechanisms (HOTP, TOTP) with cryptographic attestations to verify both the user and the device before access is granted.
In this model, a client device, an authorization server, and a resource server collaborate, with an attestation
Security and privacy considerations include minimizing data collection, protecting secrets in secure enclaves, preventing phishing by
As of now, OATHOAT is not an official standard. It remains a topic in academic and industry
Related topics include OATH, HOTP, TOTP, OAuth 2.0, OpenID Connect, FIDO2, and device attestation.