Skip to main content

Reciprocal OAuth

Document Type Expired Internet-Draft (oauth WG)
Expired & archived
Author Dick Hardt
Last updated 2020-02-02 (Latest revision 2019-08-01)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state In WG Last Call
Document shepherd Rifaat Shekh-Yusef
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to Rifaat Shekh-Yusef <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


There are times when a user has a pair of protected resources that would like to request access to each other. While OAuth flows typically enable the user to grant a client access to a protected resource, granting the inverse access requires an additional flow. Reciprocal OAuth enables a more seamless experience for the user to grant access to a pair of protected resources.


Dick Hardt

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)