Reciprocal OAuth

Document Type Expired Internet-Draft (individual)
Author Dick Hardt 
Last updated 2018-07-20 (latest revision 2018-01-16)
Replaces draft-hardt-mutual-oauth
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


There are times when a user has a pair of protected resources that would like to request access to each other. While OAuth flows typically enable the user to grant a client access to a protected resource, granting the inverse access requires an additional flow. Reciprocal OAuth enables a more seemless experience for the user to grant access to a pair of protected resources.


Dick Hardt (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)