Skip to main content

OAuth 2.0 for First-Party Native Applications

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Aaron Parecki , George Fletcher , Pieter Kasselman
Last updated 2023-10-20 (Latest revision 2023-07-07)
Replaced by draft-parecki-oauth-first-party-apps
RFC stream (None)
Intended RFC status (None)
Additional resources GitHub Repository
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-parecki-oauth-first-party-apps
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines the Authorization Challenge Endpoint, which supports a first-party native client that wants to control the process of obtaining authorization from the user using a native experience. In many cases, this can provide an entirely browserless OAuth 2.0 experience suited for native applications, only delegating to the browser in unexpected, high risk, or error conditions.


Aaron Parecki
George Fletcher
Pieter Kasselman

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)