OAuth 2.1

datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10

OAuth 2.1 is an in-progress effort to consolidate and simplify the most commonly used features of OAuth 2.0.

Since the original publication of OAuth 2.0 (RFC 6749) in 2012, several new RFCs have been published that either add or remove functionality from the core spec, including OAuth 2.0 for Native Apps (RFC 8252), Proof Key for Code Exchange (RFC 7636), OAuth for Browser-Based Apps, and OAuth 2.0 Security Best Current Practice.

OAuth 2.1 consolidates the changes published in later specs to simplify the core document.

The major differences from OAuth 2.0 are listed below.

More resources