Specs — OAuth

OAuth Working Group Specifications

Current active drafts in the OAuth working group

Active Drafts

OAuth 2.0 Protected Resource Metadata draft-ietf-oauth-resource-metadata-00	2023-09-06
OAuth 2.0 Attestation-Based Client Authentication draft-ietf-oauth-attestation-based-client-auth-00	2023-09-01
SD-JWT-based Verifiable Credentials (SD-JWT VC) draft-ietf-oauth-sd-jwt-vc	2023-08-16
The OAuth 2.1 Authorization Framework draft-ietf-oauth-v2-1-09	2023-07-10
Cross-Device Flows: Security Best Current Practice draft-ietf-oauth-cross-device-security-02	2023-07-10
Selective Disclosure for JWTs (SD-JWT) draft-ietf-oauth-selective-disclosure-jwt-05	2023-06-30
OAuth 2.0 for Browser-Based Apps draft-ietf-oauth-browser-based-apps-14	2023-06-29
OAuth 2.0 Security Best Current Practice draft-ietf-oauth-security-topics-23	2023-06-06
JWT Response for OAuth Token Introspection draft-ietf-oauth-jwt-introspection-response RFC Ed Queue	2021-09-04

Active Individual Drafts

Transaction Tokens draft-tulshibagwale-oauth-transaction-tokens-03	2023-08-31
JWT and CWT Status List draft-looker-oauth-jwt-cwt-status-list-01	2023-07-10
OAuth 2.0 Attestation-Based Client Authentication draft-looker-oauth-attestation-based-client-auth-00	2023-07-10
SD-JWT-based Verifiable Credentials (SD-JWT VC) draft-terbu-oauth-sd-jwt-vc-00	2023-07-10
The Use of Attestation in OAuth 2.0 Dynamic Client Registration draft-tschofenig-oauth-attested-dclient-reg-00	2023-07-10
OAuth 2.0 for First-Party Native Applications draft-parecki-oauth-first-party-native-apps-00	2023-07-07
JSON Web Token (JWT) Embedded Tokens draft-yusef-oauth-nested-jwt-07	2023-06-25
OAuth 2.0 Client ID Scheme draft-looker-oauth-client-id-scheme	2023-05-15

RFCs

OAuth 2.0 Step Up Authentication Challenge Protocol RFC 9470	2023-06-26
OAuth 2.0 Demonstrating Proof of Possession (DPoP) RFC 9449	2023-04-13
OAuth 2.0 Rich Authorization Requests RFC 9396	2023-01-30
JWK Thumbprint URI RFC 9278	2022-06-02
OAuth 2.0 Authorization Server Issuer Identification RFC 9207	2022-01-11
OAuth 2.0 Pushed Authorization Requests RFC 9126	2021-07-29
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) RFC 9101	2021-04-08
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens RFC 9068	2021-05-25
JSON Web Token Best Current Practices RFC 8725 Best Current Practice	2019-10-13
Resource Indicators for OAuth 2.0 RFC 8707	2019-09-11
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens RFC 8705	2019-08-23
OAuth 2.0 Token Exchange RFC 8693	2019-07-21
OAuth 2.0 Device Authorization Grant RFC 8628	2019-03-11
OAuth 2.0 Authorization Server Metadata RFC 8414	2018-03-04
OAuth 2.0 for Native Apps RFC 8252 Best Current Practice	2017-06-09
Authentication Method Reference Values RFC 8176	2017-03-13
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) RFC 7800	2015-12-19
OAuth 2.0 Token Introspection RFC 7662	2015-07-04
Proof Key for Code Exchange by OAuth Public Clients RFC 7636	2015-07-10
OAuth 2.0 Dynamic Client Registration Management Protocol RFC 7592 Experimental	2015-05-05
OAuth 2.0 Dynamic Client Registration Protocol RFC 7591	2015-05-28
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants RFC 7523	2014-11-12
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants RFC 7522	2014-11-12
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants RFC 7521	2014-10-21
JSON Web Token (JWT) RFC 7519	2014-12-10
OAuth 2.0 Token Revocation RFC 7009	2013-07-13
OAuth 2.0 Threat Model and Security Considerations RFC 6819 Informational	2012-10-06
An IETF URN Sub-Namespace for OAuth RFC 6755 Informational	2012-07-16
The OAuth 2.0 Authorization Framework: Bearer Token Usage RFC 6750	2012-08-01
The OAuth 2.0 Authorization Framework RFC 6749	2012-08-01