OAuth Working Group Specifications

Current active drafts in the OAuth working group

Active Drafts

| Title | Document | Status | Date |
|---|---|---|---|
| OAuth 2.0 Protected Resource Metadata | draft-ietf-oauth-resource-metadata-00 | | 2023-09-06 |
| OAuth 2.0 Attestation-Based Client Authentication | draft-ietf-oauth-attestation-based-client-auth-00 | | 2023-09-01 |
| SD-JWT-based Verifiable Credentials (SD-JWT VC) | draft-ietf-oauth-sd-jwt-vc | | 2023-08-16 |
| The OAuth 2.1 Authorization Framework | draft-ietf-oauth-v2-1-09 | | 2023-07-10 |
| Cross-Device Flows: Security Best Current Practice | draft-ietf-oauth-cross-device-security-02 | | 2023-07-10 |
| Selective Disclosure for JWTs (SD-JWT) | draft-ietf-oauth-selective-disclosure-jwt-05 | | 2023-06-30 |
| OAuth 2.0 for Browser-Based Apps | draft-ietf-oauth-browser-based-apps-14 | | 2023-06-29 |
| OAuth 2.0 Security Best Current Practice | draft-ietf-oauth-security-topics-23 | | 2023-06-06 |
| JWT Response for OAuth Token Introspection | draft-ietf-oauth-jwt-introspection-response | RFC Ed Queue | 2021-09-04 |


Active Individual Drafts

| Title | Document | Date |
|---|---|---|
| Transaction Tokens | draft-tulshibagwale-oauth-transaction-tokens-03 | 2023-08-31 |
| JWT and CWT Status List | draft-looker-oauth-jwt-cwt-status-list-01 | 2023-07-10 |
| OAuth 2.0 Attestation-Based Client Authentication | draft-looker-oauth-attestation-based-client-auth-00 | 2023-07-10 |
| SD-JWT-based Verifiable Credentials (SD-JWT VC) | draft-terbu-oauth-sd-jwt-vc-00 | 2023-07-10 |
| The Use of Attestation in OAuth 2.0 Dynamic Client Registration | draft-tschofenig-oauth-attested-dclient-reg-00 | 2023-07-10 |
| OAuth 2.0 for First-Party Native Applications | draft-parecki-oauth-first-party-native-apps-00 | 2023-07-07 |
| JSON Web Token (JWT) Embedded Tokens | draft-yusef-oauth-nested-jwt-07 | 2023-06-25 |
| OAuth 2.0 Client ID Scheme | draft-looker-oauth-client-id-scheme | 2023-05-15 |


RFCs

| Title | RFC | Status | Date |
|---|---|---|---|
| OAuth 2.0 Step Up Authentication Challenge Protocol | RFC 9470 | | 2023-06-26 |
| OAuth 2.0 Demonstrating Proof of Possession (DPoP) | RFC 9449 | | 2023-04-13 |
| OAuth 2.0 Rich Authorization Requests | RFC 9396 | | 2023-01-30 |
| JWK Thumbprint URI | RFC 9278 | | 2022-06-02 |
| OAuth 2.0 Authorization Server Issuer Identification | RFC 9207 | | 2022-01-11 |
| OAuth 2.0 Pushed Authorization Requests | RFC 9126 | | 2021-07-29 |
| The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) | RFC 9101 | | 2021-04-08 |
| JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens | RFC 9068 | | 2021-05-25 |
| JSON Web Token Best Current Practices | RFC 8725 | Best Current Practice | 2019-10-13 |
| Resource Indicators for OAuth 2.0 | RFC 8707 | | 2019-09-11 |
| OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens | RFC 8705 | | 2019-08-23 |
| OAuth 2.0 Token Exchange | RFC 8693 | | 2019-07-21 |
| OAuth 2.0 Device Authorization Grant | RFC 8628 | | 2019-03-11 |
| OAuth 2.0 Authorization Server Metadata | RFC 8414 | | 2018-03-04 |
| OAuth 2.0 for Native Apps | RFC 8252 | Best Current Practice | 2017-06-09 |
| Authentication Method Reference Values | RFC 8176 | | 2017-03-13 |
| Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) | RFC 7800 | | 2015-12-19 |
| OAuth 2.0 Token Introspection | RFC 7662 | | 2015-07-04 |
| Proof Key for Code Exchange by OAuth Public Clients | RFC 7636 | | 2015-07-10 |
| OAuth 2.0 Dynamic Client Registration Management Protocol | RFC 7592 | Experimental | 2015-05-05 |
| OAuth 2.0 Dynamic Client Registration Protocol | RFC 7591 | | 2015-05-28 |
| JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants | RFC 7523 | | 2014-11-12 |
| Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants | RFC 7522 | | 2014-11-12 |
| Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants | RFC 7521 | | 2014-10-21 |
| JSON Web Token (JWT) | RFC 7519 | | 2014-12-10 |
| OAuth 2.0 Token Revocation | RFC 7009 | | 2013-07-13 |
| OAuth 2.0 Threat Model and Security Considerations | RFC 6819 | Informational | 2012-10-06 |
| An IETF URN Sub-Namespace for OAuth | RFC 6755 | Informational | 2012-07-16 |
| The OAuth 2.0 Authorization Framework: Bearer Token Usage | RFC 6750 | | 2012-08-01 |
| The OAuth 2.0 Authorization Framework | RFC 6749 | | 2012-08-01 |