oauth.net/specs/
oauth.net/specs/
Current active drafts in the OAuth working group
|
Cross-Device Flows: Security Best Current Practice
draft-ietf-oauth-cross-device-security-04 |
|
|
Transaction Tokens
draft-ietf-oauth-transaction-tokens-00 |
|
|
Selective Disclosure for JWTs (SD-JWT)
draft-ietf-oauth-selective-disclosure-jwt-07 |
|
|
SD-JWT-based Verifiable Credentials (SD-JWT VC)
draft-ietf-oauth-sd-jwt-vc-01 |
|
|
Token Status List
draft-ietf-oauth-status-list-00 |
|
|
OAuth 2.0 for Browser-Based Apps
draft-ietf-oauth-browser-based-apps-15 |
|
|
OAuth Identity and Authorization Chaining Across Domains
draft-ietf-oauth-identity-chaining |
|
|
OAuth 2.0 Security Best Current Practice
draft-ietf-oauth-security-topics-24 Waiting for AD Go-Ahead::Revised I-D Needed |
|
|
OAuth 2.0 Protected Resource Metadata
draft-ietf-oauth-resource-metadata-01 |
|
|
The OAuth 2.1 Authorization Framework
draft-ietf-oauth-v2-1-09 |
|
|
OAuth 2.0 Attestation-Based Client Authentication
draft-ietf-oauth-attestation-based-client-auth-01 |
|
|
JWT Response for OAuth Token Introspection
draft-ietf-oauth-jwt-introspection-response RFC Ed Queue |
|
|
OAuth Status Attestations
draft-demarco-oauth-status-attestations |
|
|
Proof of Issuer Key Authority (PIKA)
draft-barnes-oauth-pika |
|
|
Global Token Revocation
draft-parecki-oauth-global-token-revocation-01 |
|
|
Identity Assertion Authorization Grant
draft-parecki-oauth-identity-assertion-authz-grant |
|
|
OAuth 2.0 for First-Party Applications
draft-parecki-oauth-first-party-apps-00 |
|
|
Cedar Profile for OAuth 2.0 Rich Authorization Requests
draft-cecchetti-oauth-rar-cedar |
|
|
OAuth Cookie Response Mode
draft-hanson-oauth-cookie-response-mode |
|
|
OAuth 2.0 Nonce Endpoint
draft-demarco-oauth-nonce-endpoint |
|
|
JSON Web Token (JWT) Embedded Tokens
draft-yusef-oauth-nested-jwt-08 |
|
|
OAuth 2.0 Web Message Response Mode for Popup- and Iframe-based Authorization Flows
draft-meyerzuselha-oauth-web-message-response-mode-00 |
|
|
OAuth 2.0 Web Message Response Mode
draft-sakimura-oauth-wmrm-01 |
|
|
The Use of Attestation in OAuth 2.0 Dynamic Client Registration
draft-tschofenig-oauth-attested-dclient-reg-01 |
|
|
OAuth Client and Device Metadata for Nested Flows
draft-parecki-oauth-metadata-for-nested-flows-00 |
|
|
Transaction Tokens
draft-tulshibagwale-oauth-transaction-tokens-05 |
|
|
OAuth-PoA Grant Type
draft-vattaparambil-oauth-poa-grant-type-01 |
|
|
OAuth 2.0 Step Up Authentication Challenge Protocol
RFC 9470 |
|
|
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
RFC 9449 |
|
|
OAuth 2.0 Rich Authorization Requests
RFC 9396 |
|
|
JWK Thumbprint URI
RFC 9278 |
|
|
OAuth 2.0 Authorization Server Issuer Identification
RFC 9207 |
|
|
OAuth 2.0 Pushed Authorization Requests
RFC 9126 |
|
|
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
RFC 9101 |
|
|
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
RFC 9068 |
|
|
JSON Web Token Best Current Practices
RFC 8725 Best Current Practice |
|
|
Resource Indicators for OAuth 2.0
RFC 8707 |
|
|
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
RFC 8705 |
|
|
OAuth 2.0 Token Exchange
RFC 8693 |
|
|
OAuth 2.0 Device Authorization Grant
RFC 8628 |
|
|
OAuth 2.0 Authorization Server Metadata
RFC 8414 |
|
|
OAuth 2.0 for Native Apps
RFC 8252 Best Current Practice |
|
|
Authentication Method Reference Values
RFC 8176 |
|
|
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
RFC 7800 |
|
|
OAuth 2.0 Token Introspection
RFC 7662 |
|
|
Proof Key for Code Exchange by OAuth Public Clients
RFC 7636 |
|
|
OAuth 2.0 Dynamic Client Registration Management Protocol
RFC 7592 Experimental |
|
|
OAuth 2.0 Dynamic Client Registration Protocol
RFC 7591 |
|
|
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7523 |
|
|
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7522 |
|
|
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7521 |
|
|
JSON Web Token (JWT)
RFC 7519 |
|
|
OAuth 2.0 Token Revocation
RFC 7009 |
|
|
OAuth 2.0 Threat Model and Security Considerations
RFC 6819 Informational |
|
|
An IETF URN Sub-Namespace for OAuth
RFC 6755 Informational |
|
|
The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6750 |
|
|
The OAuth 2.0 Authorization Framework
RFC 6749 |
|