OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

OAuth 2.1 is an in-progress effort to consolidate OAuth 2.0 and many common extensions under a new name.

Questions, suggestions and protocol changes should be discussed on the mailing list.

Video Course: The Nuts and Bolts of OAuth 2.0
by Aaron Parecki

OAuth 2.0

Mobile and Other Devices

Token and Token Management

Discovery and Registration

High Security OAuth

These specs are used to add additional security properties on top of OAuth 2.0.

Experimental and Draft Specs

The specs below are either experimental or in draft status and are still active working group items. They will likely change before they are finalized as RFCs or BCPs.

Additional Extensions

Related Work from Other Communities

Community Resources

Protocols Built on OAuth 2.0

Code and Services

OAuth 2.1

Legacy