Skip to main content

A Method for Signing an HTTP Requests for OAuth

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Justin Richer , John Bradley , Hannes Tschofenig
Last updated 2014-07-15 (Latest revision 2014-04-24)
Replaced by draft-ietf-oauth-signed-http-request
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Stream WG state (None)
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-oauth-signed-http-request
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Kathleen Moriarty
Send notices to

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document a method for offering data origin authentication and integrity protection of HTTP requests. To convey the relevant data items in the request a JSON-based encapsulation is used and the JSON Web Signature (JWS) technique is re-used. JWS offers integrity protection using symmetric as well as asymmetric cryptography.


Justin Richer
John Bradley
Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)