oauth.net/specs/
oauth.net/specs/
Current active drafts in the OAuth working group
|
The OAuth 2.1 Authorization Framework
draft-ietf-oauth-v2-1 |
|
|
Cross-Device Flows: Security Best Current Practice
draft-ietf-oauth-cross-device-security RFC Ed Queue |
|
|
OAuth 2.0 Attestation-Based Client Authentication
draft-ietf-oauth-attestation-based-client-auth |
|
|
Transaction Tokens
draft-ietf-oauth-transaction-tokens |
|
|
Updates to OAuth 2.0 JSON Web Token (JWT) Client Authentication and Assertion-Based Authorization Grants
draft-ietf-oauth-rfc7523bis AD Evaluation::Revised I-D Needed |
|
|
JSON Web Token Best Current Practices
draft-ietf-oauth-rfc8725bis |
|
|
Identity Assertion JWT Authorization Grant
draft-ietf-oauth-identity-assertion-authz-grant |
|
|
OAuth Client ID Metadata Document
draft-ietf-oauth-client-id-metadata-document |
|
|
Updates to OAuth 2.0 Security Best Current Practice
draft-ietf-oauth-security-topics-update |
|
|
OAuth SPIFFE Client Authentication
draft-ietf-oauth-spiffe-client-auth |
|
|
OAuth 2.0 for First-Party Applications
draft-ietf-oauth-first-party-apps |
|
|
OAuth 2.0 Refresh Token and Authorization Expiration
draft-ietf-oauth-refresh-token-expiration |
|
|
SD-JWT-based Verifiable Digital Credentials (SD-JWT VC)
draft-ietf-oauth-sd-jwt-vc |
|
|
Token Status List (TSL)
draft-ietf-oauth-status-list IESG Evaluation::AD Followup |
|
|
OAuth Identity and Authorization Chaining Across Domains
draft-ietf-oauth-identity-chaining AD Evaluation |
|
|
OAuth 2.0 for Browser-Based Applications
draft-ietf-oauth-browser-based-apps RFC Ed Queue |
|
|
Attenuating Authorization Tokens for Agentic Delegation Chains
draft-niyikiza-oauth-attenuating-agent-tokens |
|
|
Sovereign Policy Token Transactions (SPT-Txn)
draft-coetzee-oauth-spt-txn-tokens |
|
|
OAuth 2.0 Delegated Authorization
draft-li-oauth-delegated-authorization |
|
|
OAuth 2.0 Rich Authorization Requests for AS-Attested User Certificates
draft-chu-oauth-as-attested-user-cert |
|
|
OAuth 2.0 Resource Parameter in Access Token Response
draft-mcguinness-oauth-resource-token-resp |
|
|
Resource Indicator Response Parameter for OAuth 2.0
draft-skokan-oauth-resource-response |
|
|
Delegated Agent Authorization Protocol (DAAP)
draft-mishra-oauth-agent-grants |
|
|
OAuth2.0 Extension for Multi-AI Agent Collaboration
draft-song-oauth-ai-agent-collaborate-authz |
|
|
Structured and Constraint Extensions for OAuth Scopes
draft-chen-oauth-scope-agent-extensions |
|
|
Additional Hash Algorithms for OAuth 2.0 PKCE and Proof-of-Possession
draft-skokan-oauth-additional-hashes |
|
|
Global Token Revocation
draft-parecki-oauth-global-token-revocation |
|
|
Update to OAuth 2.0 Protected Resource Metadata Resource Identifier Validation
draft-mcguinness-oauth-rfc9728bis |
|
|
OAuth 2.0 RAR Metadata and Error Signaling
draft-zehavi-oauth-rar-metadata |
|
|
OAuth 2.0 direct interaction for native clients using federation
draft-zehavi-oauth-native-clients-federation |
|
|
OAuth 2.0 Scope Aggregation for Multi-Step AI Agent Workflows
draft-jia-oauth-scope-aggregation |
|
|
Agent Authorization Profile (AAP) for OAuth 2.0
draft-aap-oauth-profile |
|
|
Policy and Lifecycle Extensions for OAuth Rich Authorization Requests
draft-chen-oauth-rar-agent-extensions |
|
|
OAuth 2.0 JWT Authorization Grant with DPoP Binding
draft-parecki-oauth-jwt-dpop-grant |
|
|
OAuth 2.1 Government Content Access Control
draft-fx-oauth-government-content-access-control |
|
|
OAuth 2.0 Extension for AI Model Access
draft-hemanth-oauth-ai-scopes |
|
|
OAuth Trust Binding Extension (OTBE)
draft-fulz-oauth-trust-binding |
|
|
OAuth Authorization Management URI
draft-emelia-oauth-authorization-management-uri |
|
|
OAuth 2.0 Web Message Response Mode for Popup- and Iframe-based Authorization Flows
draft-meyerzuselha-oauth-web-message-response-mode-00 |
|
|
Agent-to-Agent (A2A) Profile for OAuth Transaction Tokens
draft-liu-oauth-a2a-profile |
|
|
AAuth - Agentic Authorization OAuth 2.1 Extension
draft-rosenberg-oauth-aauth |
|
|
OAuth 2.0 Entity Profiles
draft-mora-oauth-entity-profiles |
|
|
OAuth 2.0 App2App Browser-less Flow
draft-zehavi-oauth-app2app-browserless |
|
|
Separating DPoP Bindings for Access and Refresh Tokens
draft-rosomakho-oauth-dpop-rt |
|
|
Updates to OAuth 2.0 Security Best Current Practice
draft-wuertele-oauth-security-topics-update |
|
|
DPoP for the OAuth 2.0 Device Authorization Grant
draft-parecki-oauth-dpop-device-flow |
|
|
Application-Agnostic Demonstration Proof of Possession (DPoP) Framework
draft-nandakumar-oauth-dpop-proof |
|
|
Selective Disclosure for JSON Web Tokens
RFC 9901 |
|
|
OAuth 2.0 Protected Resource Metadata
RFC 9728 |
|
|
JSON Web Token (JWT) Response for OAuth Token Introspection
RFC 9701 |
|
|
Best Current Practice for OAuth 2.0 Security
RFC 9700 Best Current Practice |
|
|
OAuth 2.0 Step Up Authentication Challenge Protocol
RFC 9470 |
|
|
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
RFC 9449 |
|
|
OAuth 2.0 Rich Authorization Requests
RFC 9396 |
|
|
JWK Thumbprint URI
RFC 9278 |
|
|
OAuth 2.0 Authorization Server Issuer Identification
RFC 9207 |
|
|
OAuth 2.0 Pushed Authorization Requests
RFC 9126 |
|
|
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
RFC 9101 |
|
|
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
RFC 9068 |
|
|
JSON Web Token Best Current Practices
RFC 8725 Best Current Practice |
|
|
Resource Indicators for OAuth 2.0
RFC 8707 |
|
|
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
RFC 8705 |
|
|
OAuth 2.0 Token Exchange
RFC 8693 |
|
|
OAuth 2.0 Device Authorization Grant
RFC 8628 |
|
|
OAuth 2.0 Authorization Server Metadata
RFC 8414 |
|
|
OAuth 2.0 for Native Apps
RFC 8252 Best Current Practice |
|
|
Authentication Method Reference Values
RFC 8176 |
|
|
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
RFC 7800 |
|
|
OAuth 2.0 Token Introspection
RFC 7662 |
|
|
Proof Key for Code Exchange by OAuth Public Clients
RFC 7636 |
|
|
OAuth 2.0 Dynamic Client Registration Management Protocol
RFC 7592 Experimental |
|
|
OAuth 2.0 Dynamic Client Registration Protocol
RFC 7591 |
|
|
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7523 |
|
|
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7522 |
|
|
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7521 |
|
|
JSON Web Token (JWT)
RFC 7519 |
|
|
OAuth 2.0 Token Revocation
RFC 7009 |
|
|
OAuth 2.0 Threat Model and Security Considerations
RFC 6819 Informational |
|
|
An IETF URN Sub-Namespace for OAuth
RFC 6755 Informational |
|
|
The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6750 |
|
|
The OAuth 2.0 Authorization Framework
RFC 6749 |
|