Web Authorization Protocol (oauth)

• About
• Documents
• Meetings
• History
• Photos
• Email expansions
• List archive »

	Document	Date	Status	IPR	AD/Shepherd
	Active Internet-Drafts (11 hits)
	27 pages draft-ietf-oauth-attestation-based-client-auth-06 OAuth 2.0 Attestation-Based Client Authentication	2025-07-07 New	I-D Exists WG Document
	68 pages draft-ietf-oauth-browser-based-apps-25 OAuth 2.0 for Browser-Based Applications	2025-07-03 New	RFC Ed Queue : MISSREF Submitted to IESG for Publication : Best Current Practice Reviews: httpdir IETF Last Call secdir IETF Last Call opsdir IETF Last Call rtgdir IETF Last Call artart IETF Last Call genart IETF Last Call secdir IETF Last Call Oct 2021		Deb Cooley Rifaat Shekh-Yusef
	58 pages draft-ietf-oauth-cross-device-security-10 Cross-Device Flows: Security Best Current Practice	2025-06-17	I-D Exists WG Consensus: Waiting for Write-Up		Hannes Tschofenig
	37 pages draft-ietf-oauth-first-party-apps-01 OAuth 2.0 for First-Party Applications	2025-04-24	I-D Exists WG Document
	27 pages draft-ietf-oauth-identity-chaining-05 OAuth Identity and Authorization Chaining Across Domains	2025-07-03 New	I-D Exists WG Document
	14 pages draft-ietf-oauth-rfc7523bis-01 Updates to Audience Values for OAuth 2.0 Authorization Servers	2025-04-23	I-D Exists WG Document
	56 pages draft-ietf-oauth-sd-jwt-vc-10 SD-JWT-based Verifiable Credentials (SD-JWT VC)	2025-07-07 New	I-D Exists WG Document
	96 pages draft-ietf-oauth-selective-disclosure-jwt-22 Selective Disclosure for JWTs (SD-JWT)	2025-05-29	RFC Ed Queue : EDIT Submitted to IESG for Publication : Proposed Standard Reviews: artart opsdir IETF Last Call artart IETF Last Call secdir IETF Last Call genart IETF Last Call		Deb Cooley Hannes Tschofenig
	73 pages draft-ietf-oauth-status-list-12 Token Status List (TSL)	2025-07-07 New	I-D Exists WG Consensus: Waiting for Write-Up		Rifaat Shekh-Yusef
	32 pages draft-ietf-oauth-transaction-tokens-05 Transaction Tokens	2025-03-03	I-D Exists WG Document
	97 pages draft-ietf-oauth-v2-1-13 The OAuth 2.1 Authorization Framework	2025-05-28	I-D Exists WG Document Jul 2021
	Expired Internet-Drafts (10 hits)
	7 pages draft-ietf-oauth-closing-redirectors-00 OAuth 2.0 Security: Closing Open Redirectors in OAuth	2016-02-04	Expired WG Document : Best Current Practice
	9 pages draft-ietf-oauth-distributed-01 Distributed OAuth	2018-10-19	Expired WG Document
	11 pages draft-ietf-oauth-incremental-authz-04 OAuth 2.0 Incremental Authorization	2020-05-03	Expired WG Document
	14 pages draft-ietf-oauth-mix-up-mitigation-01 OAuth 2.0 Mix-Up Mitigation	2016-07-07	Expired WG Document
	23 pages draft-ietf-oauth-pop-architecture-08 OAuth 2.0 Proof-of-Possession (PoP) Security Architecture	2016-07-08	Expired Submitted to IESG for Publication : Informational Reviews: opsdir IETF Last Call opsdir IETF Last Call genart genart secdir		Kathleen Moriarty Kepeng Li
	17 pages draft-ietf-oauth-pop-key-distribution-07 OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution	2019-03-27	Expired WG Document : Proposed Standard		Kepeng Li
	8 pages draft-ietf-oauth-reciprocal-04 Reciprocal OAuth	2019-08-01	Expired In WG Last Call		Rifaat Shekh-Yusef
	13 pages draft-ietf-oauth-signed-http-request-03 A Method for Signing HTTP Requests for OAuth	2016-08-08	Expired WG Document
	30 pages draft-ietf-oauth-token-binding-08 OAuth 2.0 Token Binding	2018-10-19	Expired WG Document
	37 pages draft-ietf-oauth-v2-http-mac-05 OAuth 2.0 Message Authentication Code (MAC) Tokens	2014-01-15	Expired WG Document		Barry Leiba
	RFCs (33 hits)
	76 pages RFC 6749 The OAuth 2.0 Authorization Framework Errata	2012-10	Proposed Standard RFC Updated by rfc8252, rfc8996, rfc9700	4	Stephen Farrell
	18 pages RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage Errata	2012-10	Proposed Standard RFC Updated by rfc8996, rfc9700	2	Stephen Farrell
	5 pages RFC 6755 An IETF URN Sub-Namespace for OAuth	2012-10	Informational RFC		Stephen Farrell
	71 pages RFC 6819 OAuth 2.0 Threat Model and Security Considerations Errata	2013-01	Informational RFC Updated by rfc9700		Stephen Farrell
	11 pages RFC 7009 OAuth 2.0 Token Revocation Errata	2013-08	Proposed Standard RFC		Stephen Farrell
	30 pages RFC 7519 JSON Web Token (JWT) Errata	2015-05	Proposed Standard RFC Updated by rfc7797, rfc8725		Kathleen Moriarty
	20 pages RFC 7521 Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants	2015-05	Proposed Standard RFC		Kathleen Moriarty
	15 pages RFC 7522 Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants	2015-05	Proposed Standard RFC		Kathleen Moriarty
	12 pages RFC 7523 JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants	2015-05	Proposed Standard RFC		Kathleen Moriarty
	39 pages RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol Errata	2015-07	Proposed Standard RFC		Kathleen Moriarty
	18 pages RFC 7592 OAuth 2.0 Dynamic Client Registration Management Protocol	2015-07	Experimental RFC		Kathleen Moriarty
	20 pages RFC 7636 Proof Key for Code Exchange by OAuth Public Clients Errata	2015-09	Proposed Standard RFC		Kathleen Moriarty
	17 pages RFC 7662 OAuth 2.0 Token Introspection Errata	2015-10	Proposed Standard RFC		Kathleen Moriarty
	15 pages RFC 7800 Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) Errata	2016-04	Proposed Standard RFC		Kathleen Moriarty
	15 pages RFC 8176 Authentication Method Reference Values	2017-06	Proposed Standard RFC		Kathleen Moriarty
	21 pages RFC 8252 OAuth 2.0 for Native Apps Errata	2017-10	Best Current Practice RFC Also known as BCP 212		Kathleen Moriarty
	23 pages RFC 8414 OAuth 2.0 Authorization Server Metadata Errata	2018-06	Proposed Standard RFC		Eric Rescorla
	21 pages RFC 8628 OAuth 2.0 Device Authorization Grant Errata	2019-08	Proposed Standard RFC		Roman Danyliw
	27 pages RFC 8693 OAuth 2.0 Token Exchange Errata	2020-01	Proposed Standard RFC		Roman Danyliw
	24 pages RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens	2020-02	Proposed Standard RFC		Roman Danyliw
	11 pages RFC 8707 Resource Indicators for OAuth 2.0 Errata	2020-02	Proposed Standard RFC		Roman Danyliw
	13 pages RFC 8725 JSON Web Token Best Current Practices	2020-02	Best Current Practice RFC Also known as BCP 225		Roman Danyliw
	15 pages RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens	2021-10	Proposed Standard RFC		Roman Danyliw
	25 pages RFC 9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)	2021-08	Proposed Standard RFC		Roman Danyliw
	18 pages RFC 9126 OAuth 2.0 Pushed Authorization Requests Errata	2021-09	Proposed Standard RFC		Roman Danyliw
	9 pages RFC 9207 OAuth 2.0 Authorization Server Issuer Identification	2022-03	Proposed Standard RFC		Roman Danyliw
	6 pages RFC 9278 JWK Thumbprint URI	2022-08	Proposed Standard RFC		Roman Danyliw
	38 pages RFC 9396 OAuth 2.0 Rich Authorization Requests	2023-05	Proposed Standard RFC		Roman Danyliw
	39 pages RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) Errata	2023-09	Proposed Standard RFC		Roman Danyliw
	14 pages RFC 9470 OAuth 2.0 Step Up Authentication Challenge Protocol Errata	2023-09	Proposed Standard RFC		Roman Danyliw
	46 pages RFC 9700 Best Current Practice for OAuth 2.0 Security	2025-01	Best Current Practice RFC Also known as BCP 240		Roman Danyliw
	13 pages RFC 9701 JSON Web Token (JWT) Response for OAuth Token Introspection	2025-01	Proposed Standard RFC		Roman Danyliw
	25 pages RFC 9728 OAuth 2.0 Protected Resource Metadata	2025-04	Proposed Standard RFC		Deb Cooley
	Related Internet-Drafts and RFCs (19 hits)
	6 pages draft-campbell-oauth-rfc7523redux-00 Updates to OAuth 2.0 Client Asseertion Authentication and Assertion Based Authorization Grants	2025-03-20	I-D Exists
	11 pages draft-kasselman-oauth-dcr-trusted-issuer-token-01 OAuth 2.0 Dynamic Client Registration with Trusted Issuer Credentials	2025-06-24	I-D Exists
	16 pages draft-kasselman-oauth-spiffe-01 OAuth Client Registration on First Use with SPIFFE	2025-06-24	I-D Exists
	17 pages draft-lombardo-oauth-client-extension-claims-02 OAuth 2.0 client extension claims	2025-06-30 New	I-D Exists
	22 pages draft-lombardo-oauth-step-up-authz-challenge-proto-02 OAuth 2.0 step-up authorization challenge proto	2025-06-30 New	I-D Exists
	11 pages draft-parecki-oauth-client-id-metadata-document-02 OAuth Client ID Metadata Document	2025-01-09 Expires soon	I-D Exists
	9 pages draft-parecki-oauth-client-id-prefix-00 OAuth 2.0 Client ID Prefix	2025-07-04 New	I-D Exists
	10 pages draft-parecki-oauth-client-id-scheme-01 OAuth 2.0 Client ID Scheme	2025-02-07	I-D Exists
	28 pages draft-parecki-oauth-identity-assertion-authz-grant-05 Identity Assertion Authorization Grant	2025-07-02 New	I-D Exists
	9 pages draft-richer-oauth-pushed-client-registration-00 OAuth Pushed Client Registration	2025-04-22	I-D Exists
	4 pages draft-richer-oauth-tmb-claim-01 Deferred Key Binding for OAuth	2025-06-27	I-D Exists
	10 pages draft-rosenberg-oauth-aauth-00 AAuth - Agentic Authorization OAuth 2.1 Extension	2025-07-07 New	I-D Exists
	16 pages draft-schwenkschuster-oauth-spiffe-client-auth-00 OAuth SPIFFE Client Authentication	2025-07-01 New	I-D Exists
	18 pages draft-sheffer-oauth-rfc8725bis-01 JSON Web Token Best Current Practices	2025-05-23	I-D Exists
	8 pages draft-song-oauth-ai-agent-authorization-00 OAuth2.0 Extention for AI Agent: Authorization on Target	2025-07-04 New	I-D Exists
	8 pages draft-watson-oauth-refresh-token-expiration-00 OAuth 2.0 Refresh Token and Consent Expiration	2025-06-27	I-D Exists
	8 pages draft-watson-oauth-rich-error-response-00 Rich OAuth Error Responses	2025-07-01 New	I-D Exists
	24 pages draft-wuertele-oauth-security-topics-update-01 Updates to OAuth 2.0 Security Best Current Practice	2025-06-16	I-D Exists
	16 pages draft-zehavi-oauth-app2app-browserless-03 OAuth 2.0 App2App Browserless Flow	2025-06-25	I-D Exists