RFC 9700: OAuth 2.0 Security Best Current Practice

datatracker.ietf.org/doc/html/rfc9700

OAuth 2.0 Security Best Current Practice describes security requirements and other recommendations for clients and servers implementing OAuth 2.0.

More resources