RFC 9700: OAuth 2.0 Security Best Current Practice

datatracker.ietf.org/doc/html/rfc9700

OAuth 2.0 Security Best Current Practice describes security requirements and other recommendations for clients and servers implementing OAuth 2.0.

More resources

• Why you should stop using the OAuth implicit grant (Torsten Lodderstedt)
• What's New with OAuth and OpenID Connect (Aaron Parecki, April 2020, video)