Reciprocal OAuth

Document Type Expired Internet-Draft (oauth WG)
Last updated 2019-04-22 (latest revision 2018-10-19)
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


There are times when a user has a pair of protected resources that would like to request access to each other. While OAuth flows typically enable the user to grant a client access to a protected resource, granting the inverse access requires an additional flow. Reciprocal OAuth enables a more seamless experience for the user to grant access to a pair of protected resources.


Dick Hardt (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)