Skip to main content

OAuth 2.0 for Native Apps

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors William Denniss , John Bradley
Last updated 2016-02-04
Replaced by draft-ietf-oauth-native-apps
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-oauth-native-apps
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


OAuth 2.0 authorization requests from native apps should only be made through external user-agents such as the system browser (including via an in-app browser tab). This specification details the security and usability reasons why this is the case, and how native apps and authorization servers can implement this best practice.


William Denniss
John Bradley

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)