OAuth 2.0 for Browser-Based Apps
draft-parecki-oauth-browser-based-apps-02

Document type: Replaced Internet-Draft (individual), expired & archived
Last updated: 2018-12-08
Replaced by: draft-ietf-oauth-browser-based-apps
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-ietf-oauth-browser-based-apps
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-parecki-oauth-browser-based-apps-02.txt

Abstract

OAuth 2.0 authorization requests from apps running entirely in a browser are unable to use a Client Secret during the process, since they have no way to keep a secret confidential. This specification details the security considerations that must be taken into account when developing browser-based applications, as well as best practices for how they can securely implement OAuth 2.0.

Authors

Aaron Parecki (aaron@parecki.com)
David Waite (david@alkaline-solutions.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)