OAuth Working Group Specifications

Current active drafts in the OAuth working group

Active Drafts

Transaction Tokens
draft-ietf-oauth-transaction-tokens-00
2024-06-21
Selective Disclosure for JWTs (SD-JWT)
draft-ietf-oauth-selective-disclosure-jwt-07
2024-06-13
OAuth 2.0 Security Best Current Practice
draft-ietf-oauth-security-topics-24
RFC Ed Queue
2024-06-03
OAuth 2.0 Attestation-Based Client Authentication
draft-ietf-oauth-attestation-based-client-auth-01
2024-05-31
The OAuth 2.1 Authorization Framework
draft-ietf-oauth-v2-1-09
2024-05-15
Cross-Device Flows: Security Best Current Practice
draft-ietf-oauth-cross-device-security-04
2024-05-13
OAuth 2.0 Protected Resource Metadata
draft-ietf-oauth-resource-metadata-01
2024-05-03
OAuth 2.0 for Browser-Based Applications
draft-ietf-oauth-browser-based-apps-15
2024-05-01
SD-JWT-based Verifiable Credentials (SD-JWT VC)
draft-ietf-oauth-sd-jwt-vc-01
2024-03-04
Token Status List
draft-ietf-oauth-status-list-00
2024-03-04
OAuth Identity and Authorization Chaining Across Domains
draft-ietf-oauth-identity-chaining
2024-02-19
JWT Response for OAuth Token Introspection
draft-ietf-oauth-jwt-introspection-response
RFC Ed Queue
2021-09-04


Active Individual Drafts

OAuth Status Assertions
draft-demarco-oauth-status-assertions
2024-06-18
OAuth Profile for Open Public Clients
draft-jenkins-oauth-public
2024-05-17
OAuth 2.0 Delegated B2B Authorization
draft-janicijevic-oauth-b2b-authorization
2024-05-13
Proof of Issuer Key Authority (PIKA)
draft-barnes-oauth-pika
2024-04-09
Global Token Revocation
draft-parecki-oauth-global-token-revocation-01
2024-03-21
Identity Assertion Authorization Grant
draft-parecki-oauth-identity-assertion-authz-grant
2024-03-02
OAuth 2.0 for First-Party Applications
draft-parecki-oauth-first-party-apps-00
2024-03-01
Cedar Profile for OAuth 2.0 Rich Authorization Requests
draft-cecchetti-oauth-rar-cedar
2024-02-21
OAuth Cookie Response Mode
draft-hanson-oauth-cookie-response-mode
2024-02-16
OAuth 2.0 Nonce Endpoint
draft-demarco-oauth-nonce-endpoint
2024-02-06
JSON Web Token (JWT) Embedded Tokens
draft-yusef-oauth-nested-jwt-08
2023-12-24


RFCs

OAuth 2.0 Step Up Authentication Challenge Protocol
RFC 9470
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
RFC 9449
OAuth 2.0 Rich Authorization Requests
RFC 9396
JWK Thumbprint URI
RFC 9278
OAuth 2.0 Authorization Server Issuer Identification
RFC 9207
OAuth 2.0 Pushed Authorization Requests
RFC 9126
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
RFC 9101
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
RFC 9068
JSON Web Token Best Current Practices
RFC 8725
Best Current Practice
Resource Indicators for OAuth 2.0
RFC 8707
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
RFC 8705
OAuth 2.0 Token Exchange
RFC 8693
OAuth 2.0 Device Authorization Grant
RFC 8628
OAuth 2.0 Authorization Server Metadata
RFC 8414
OAuth 2.0 for Native Apps
RFC 8252
Best Current Practice
Authentication Method Reference Values
RFC 8176
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
RFC 7800
OAuth 2.0 Token Introspection
RFC 7662
Proof Key for Code Exchange by OAuth Public Clients
RFC 7636
OAuth 2.0 Dynamic Client Registration Management Protocol
RFC 7592
Experimental
OAuth 2.0 Dynamic Client Registration Protocol
RFC 7591
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7523
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7522
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7521
JSON Web Token (JWT)
RFC 7519
OAuth 2.0 Token Revocation
RFC 7009
OAuth 2.0 Threat Model and Security Considerations
RFC 6819
Informational
An IETF URN Sub-Namespace for OAuth
RFC 6755
Informational
The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6750
The OAuth 2.0 Authorization Framework
RFC 6749