The OAuth 2.1 Authorization Framework

The information below is for an old version of the document
Document Type Expired Internet-Draft (oauth WG)
Authors Dick Hardt  , Aaron Parecki  , Torsten Lodderstedt 
Last updated 2021-01-31 (latest revision 2020-07-30)
Replaces draft-parecki-oauth-v2-1
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document (wg milestone: Jul 2021 - Submit "OAuth 2.1 Au... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The OAuth 2.1 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749.


Dick Hardt (
Aaron Parecki (
Torsten Lodderstedt (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)