%% You should probably cite draft-ietf-oauth-native-apps instead of this I-D.
@techreport{wdenniss-oauth-native-apps-02,
    number =    {draft-wdenniss-oauth-native-apps-02},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/02/},
    author =    {William Denniss and John Bradley},
    title =     {{OAuth 2.0 for Native Apps}},
    pagetotal = 16,
    year =      2016,
    month =     feb,
    day =       4,
    abstract =  {OAuth 2.0 authorization requests from native apps should only be made through external user-agents such as the system browser (including via an in-app browser tab). This specification details the security and usability reasons why this is the case, and how native apps and authorization servers can implement this best practice.},
}