Specifications: RFC 6749 and RFC 6750 - Grants and access tokens | RFC 7519 - JSON Web Tokens (JWTs) - see also RFC 7515, RFC 7516, RFC 7517, RFC 7518 and RFC 7520 | RFC 7662 - introspection/access token verification | RFC 7636 - PKCE

Specialized standards:

OAuth2 Security Best Practices

OAuth IETF Working Group

Reading

Dan Moore

Future

OAuth 2.1 - This specification consolidates best practices around security and usability which have been added to OAuth over the years since it was released. The authors have explicitly ruled out any breaking changes or radical modifications.

GNAP - A reimagination of the OAuth protocol, in the same way that OAuth2 was a reimagining of earlier protocols. This early draft includes breaking changes such as introducing new software actors and changing the core communication format from form parameters to JSON.


Tags: format   distribution   security   authentication  

Last modified 01 January 2023