OAuth 2.0 for Browser-Based Apps

Document Type Expired Internet-Draft (oauth WG)
Authors Aaron Parecki  , David Waite 
Last updated 2021-04-05 (latest revision 2020-10-02)
Replaces draft-parecki-oauth-browser-based-apps
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document (wg milestone: Oct 2021 - Submit "OAuth 2.0 fo... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This specification details the security considerations and best practices that must be taken into account when developing browser- based applications that use OAuth 2.0.


Aaron Parecki (aaron@parecki.com)
David Waite (david@alkaline-solutions.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)