OAuth Working Group Specifications

Current active drafts in the OAuth working group

Active Drafts

SD-JWT-based Verifiable Credentials (SD-JWT VC)
draft-ietf-oauth-sd-jwt-vc-01
2024-12-03
Token Status List
draft-ietf-oauth-status-list-00
2024-12-03
The OAuth 2.1 Authorization Framework
draft-ietf-oauth-v2-1-09
2024-11-15
Selective Disclosure for JWTs (SD-JWT)
draft-ietf-oauth-selective-disclosure-jwt-07
2024-11-15
OAuth 2.0 Attestation-Based Client Authentication
draft-ietf-oauth-attestation-based-client-auth-01
2024-10-21
OAuth 2.0 for Browser-Based Applications
draft-ietf-oauth-browser-based-apps-15
2024-10-20
OAuth 2.0 Protected Resource Metadata
draft-ietf-oauth-resource-metadata-01
RFC Ed Queue
2024-10-15
OAuth 2.0 for First-Party Applications
draft-ietf-oauth-first-party-apps
2024-10-08
Cross-Device Flows: Security Best Current Practice
draft-ietf-oauth-cross-device-security-04
2024-07-08
OAuth Identity and Authorization Chaining Across Domains
draft-ietf-oauth-identity-chaining
2024-07-08
Transaction Tokens
draft-ietf-oauth-transaction-tokens-00
2024-07-04
OAuth 2.0 Security Best Current Practice
draft-ietf-oauth-security-topics-24
RFC Ed Queue
2024-06-03
JWT Response for OAuth Token Introspection
draft-ietf-oauth-jwt-introspection-response
RFC Ed Queue
2021-09-04


Active Individual Drafts

OAuth 2.0 Client ID Scheme
draft-parecki-oauth-client-id-scheme
2024-11-06
Identity Assertion Authorization Grant
draft-parecki-oauth-identity-assertion-authz-grant
2024-10-20
OAuth Profile for Open Public Clients
draft-jenkins-oauth-public
2024-10-15
Global Token Revocation
draft-parecki-oauth-global-token-revocation-01
2024-09-22
Proof of Issuer Key Authority (PIKA)
draft-barnes-oauth-pika
2024-07-08
OAuth Client ID Metadata Document
draft-parecki-oauth-client-id-metadata-document
2024-07-08
AuthZEN Request/Response Profile for OAuth 2.0 Rich Authorization Requests
draft-brossard-oauth-rar-authzen
2024-07-08
OAuth Status Assertions
draft-demarco-oauth-status-assertions
2024-06-18


RFCs

OAuth 2.0 Step Up Authentication Challenge Protocol
RFC 9470
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
RFC 9449
OAuth 2.0 Rich Authorization Requests
RFC 9396
JWK Thumbprint URI
RFC 9278
OAuth 2.0 Authorization Server Issuer Identification
RFC 9207
OAuth 2.0 Pushed Authorization Requests
RFC 9126
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
RFC 9101
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
RFC 9068
JSON Web Token Best Current Practices
RFC 8725
Best Current Practice
Resource Indicators for OAuth 2.0
RFC 8707
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
RFC 8705
OAuth 2.0 Token Exchange
RFC 8693
OAuth 2.0 Device Authorization Grant
RFC 8628
OAuth 2.0 Authorization Server Metadata
RFC 8414
OAuth 2.0 for Native Apps
RFC 8252
Best Current Practice
Authentication Method Reference Values
RFC 8176
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
RFC 7800
OAuth 2.0 Token Introspection
RFC 7662
Proof Key for Code Exchange by OAuth Public Clients
RFC 7636
OAuth 2.0 Dynamic Client Registration Management Protocol
RFC 7592
Experimental
OAuth 2.0 Dynamic Client Registration Protocol
RFC 7591
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7523
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7522
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7521
JSON Web Token (JWT)
RFC 7519
OAuth 2.0 Token Revocation
RFC 7009
OAuth 2.0 Threat Model and Security Considerations
RFC 6819
Informational
An IETF URN Sub-Namespace for OAuth
RFC 6755
Informational
The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6750
The OAuth 2.0 Authorization Framework
RFC 6749