OAuth Security

Security Workshops

The OAuth Security Workshop (OSW) aim is to improve the security of OAuth and related Internet protocols by a direct exchange of views between academic researchers, IETF OAuth Working Group members and industry.

See upcoming workshops

Security Advisories

The OAuth community is committed to identifying and addressing any security issues raised relating to the OAuth protocol and extensions. Any identified threat will be published on this page as soon as it is safe to do so. Due to the nature of many security threats, they cannot be disclosed before sufficient notice is given to vulnerable parties.

The following are known security threats and the protocol version they affect:

OAuth 2.0

OAuth Core 1.0

How to Report Security Threats

Please report any concerns to the OAuth mailing list. Please DO NOT discuss unknown security threats in public as they are likely to be used by attacker before a solution can be applied.