Skip to main content

The OAuth 2.1 Authorization Framework

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
Authors Dick Hardt , Aaron Parecki , Torsten Lodderstedt
Last updated 2021-01-31 (Latest revision 2020-07-30)
Replaces draft-parecki-oauth-v2-1
RFC stream Internet Engineering Task Force (IETF)
Additional resources Mailing list discussion
Stream WG state WG Document
Associated WG milestone
Jul 2021
Submit "OAuth 2.1 Authorization Framework" to IESG
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The OAuth 2.1 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749.


Dick Hardt
Aaron Parecki
Torsten Lodderstedt

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)