A Method for Signing HTTP Requests for OAuth

Document Type Expired Internet-Draft (oauth WG)
Last updated 2017-02-09 (latest revision 2016-08-08)
Replaces draft-richer-oauth-signed-http-request
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document (wg milestone: Jul 2017 - Submit 'A Method for... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document a method for offering data origin authentication and integrity protection of HTTP requests. To convey the relevant data items in the request a JSON-based encapsulation is used and the JSON Web Signature (JWS) technique is re-used. JWS offers integrity protection using symmetric as well as asymmetric cryptography.


Justin Richer (ietf@justin.richer.org)
John Bradley (ve7jtb@ve7jtb.com)
Hannes Tschofenig (Hannes.Tschofenig@gmx.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)