Sign in
Version 5.13.0, 2015-03-25
Report a bug

OAuth 2.0 Message Authentication Code (MAC) Tokens

Document type: Expired Internet-Draft (oauth WG)
Document stream: IETF
Last updated: 2014-07-21 (latest revision 2014-01-15)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

IETF State: WG Document
Document shepherd: Barry Leiba

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


This specification describes how to use MAC Tokens in HTTP requests to access OAuth 2.0 protected resources. An OAuth client willing to access a protected resource needs to demonstrate possession of a cryptographic key by using it with a keyed message digest function to the request. The document also defines a key distribution protocol for obtaining a fresh session key.


Justin Richer <>
William Mills <>
Hannes Tschofenig <>
Phil Hunt <>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)