Web Authorization Protocol (oauth)

Document Date Status IPR AD/Shepherd
Active Internet-Drafts (11 hits)
27 pages
draft-ietf-oauth-attestation-based-client-auth-06
OAuth 2.0 Attestation-Based Client Authentication
2025-07-07
New
I-D Exists
WG Document

68 pages
draft-ietf-oauth-browser-based-apps-25
OAuth 2.0 for Browser-Based Applications
2025-07-03
New
RFC Ed Queue : MISSREF
Submitted to IESG for Publication : Best Current Practice
Reviews: httpdir IETF Last Call secdir IETF Last Call opsdir IETF Last Call rtgdir IETF Last Call artart IETF Last Call genart IETF Last Call secdir IETF Last Call
Oct 2021
Deb Cooley
Rifaat Shekh-Yusef
58 pages
draft-ietf-oauth-cross-device-security-10
Cross-Device Flows: Security Best Current Practice
2025-06-17
I-D Exists
WG Consensus: Waiting for Write-Up

Hannes Tschofenig
37 pages
draft-ietf-oauth-first-party-apps-01
OAuth 2.0 for First-Party Applications
2025-04-24
I-D Exists
WG Document

27 pages
draft-ietf-oauth-identity-chaining-05
OAuth Identity and Authorization Chaining Across Domains
2025-07-03
New
I-D Exists
WG Document

14 pages
draft-ietf-oauth-rfc7523bis-01
Updates to Audience Values for OAuth 2.0 Authorization Servers
2025-04-23
I-D Exists
WG Document

56 pages
draft-ietf-oauth-sd-jwt-vc-10
SD-JWT-based Verifiable Credentials (SD-JWT VC)
2025-07-07
New
I-D Exists
WG Document

96 pages
draft-ietf-oauth-selective-disclosure-jwt-22
Selective Disclosure for JWTs (SD-JWT)
2025-05-29
RFC Ed Queue : EDIT
Submitted to IESG for Publication : Proposed Standard
Reviews: artart opsdir IETF Last Call artart IETF Last Call secdir IETF Last Call genart IETF Last Call
Deb Cooley
Hannes Tschofenig
73 pages
draft-ietf-oauth-status-list-12
Token Status List (TSL)
2025-07-07
New
I-D Exists
WG Consensus: Waiting for Write-Up

Rifaat Shekh-Yusef
32 pages 2025-03-03
I-D Exists
WG Document

97 pages
draft-ietf-oauth-v2-1-13
The OAuth 2.1 Authorization Framework
2025-05-28
I-D Exists
WG Document
Jul 2021

Expired Internet-Drafts (10 hits)
7 pages
draft-ietf-oauth-closing-redirectors-00
OAuth 2.0 Security: Closing Open Redirectors in OAuth
2016-02-04
Expired
WG Document : Best Current Practice

9 pages 2018-10-19
Expired
WG Document

11 pages
draft-ietf-oauth-incremental-authz-04
OAuth 2.0 Incremental Authorization
2020-05-03
Expired
WG Document

14 pages
draft-ietf-oauth-mix-up-mitigation-01
OAuth 2.0 Mix-Up Mitigation
2016-07-07
Expired
WG Document

23 pages
draft-ietf-oauth-pop-architecture-08
OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
2016-07-08
Expired
Submitted to IESG for Publication : Informational
Reviews: opsdir IETF Last Call opsdir IETF Last Call genart genart secdir
Kathleen Moriarty
Kepeng Li
17 pages
draft-ietf-oauth-pop-key-distribution-07
OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
2019-03-27
Expired
WG Document : Proposed Standard

Kepeng Li
8 pages 2019-08-01
Expired
In WG Last Call

Rifaat Shekh-Yusef
13 pages
draft-ietf-oauth-signed-http-request-03
A Method for Signing HTTP Requests for OAuth
2016-08-08
Expired
WG Document

30 pages
draft-ietf-oauth-token-binding-08
OAuth 2.0 Token Binding
2018-10-19
Expired
WG Document

37 pages
draft-ietf-oauth-v2-http-mac-05
OAuth 2.0 Message Authentication Code (MAC) Tokens
2014-01-15
Expired
WG Document

Barry Leiba
RFCs (33 hits)
76 pages
RFC 6749
The OAuth 2.0 Authorization Framework Errata
2012-10
Proposed Standard RFC
Updated by rfc8252, rfc8996, rfc9700
4 Stephen Farrell
18 pages
RFC 6750
The OAuth 2.0 Authorization Framework: Bearer Token Usage Errata
2012-10
Proposed Standard RFC
Updated by rfc8996, rfc9700
2 Stephen Farrell
5 pages
RFC 6755
An IETF URN Sub-Namespace for OAuth
2012-10
Informational RFC
Stephen Farrell
71 pages
RFC 6819
OAuth 2.0 Threat Model and Security Considerations Errata
2013-01
Informational RFC
Updated by rfc9700
Stephen Farrell
11 pages
RFC 7009
OAuth 2.0 Token Revocation Errata
2013-08
Proposed Standard RFC
Stephen Farrell
30 pages
RFC 7519
JSON Web Token (JWT) Errata
2015-05
Proposed Standard RFC
Updated by rfc7797, rfc8725
Kathleen Moriarty
20 pages
RFC 7521
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
2015-05
Proposed Standard RFC
Kathleen Moriarty
15 pages
RFC 7522
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
2015-05
Proposed Standard RFC
Kathleen Moriarty
12 pages
RFC 7523
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
2015-05
Proposed Standard RFC
Kathleen Moriarty
39 pages
RFC 7591
OAuth 2.0 Dynamic Client Registration Protocol Errata
2015-07
Proposed Standard RFC
Kathleen Moriarty
18 pages
RFC 7592
OAuth 2.0 Dynamic Client Registration Management Protocol
2015-07
Experimental RFC
Kathleen Moriarty
20 pages
RFC 7636
Proof Key for Code Exchange by OAuth Public Clients Errata
2015-09
Proposed Standard RFC
Kathleen Moriarty
17 pages
RFC 7662
OAuth 2.0 Token Introspection Errata
2015-10
Proposed Standard RFC
Kathleen Moriarty
15 pages
RFC 7800
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) Errata
2016-04
Proposed Standard RFC
Kathleen Moriarty
15 pages
RFC 8176
Authentication Method Reference Values
2017-06
Proposed Standard RFC
Kathleen Moriarty
21 pages
RFC 8252
OAuth 2.0 for Native Apps Errata
2017-10
Best Current Practice RFC
Also known as BCP 212
Kathleen Moriarty
23 pages
RFC 8414
OAuth 2.0 Authorization Server Metadata Errata
2018-06
Proposed Standard RFC
Eric Rescorla
21 pages
RFC 8628
OAuth 2.0 Device Authorization Grant Errata
2019-08
Proposed Standard RFC
Roman Danyliw
27 pages
RFC 8693
OAuth 2.0 Token Exchange Errata
2020-01
Proposed Standard RFC
Roman Danyliw
24 pages
RFC 8705
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
2020-02
Proposed Standard RFC
Roman Danyliw
11 pages
RFC 8707
Resource Indicators for OAuth 2.0 Errata
2020-02
Proposed Standard RFC
Roman Danyliw
13 pages
RFC 8725
JSON Web Token Best Current Practices
2020-02
Best Current Practice RFC
Also known as BCP 225
Roman Danyliw
15 pages
RFC 9068
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
2021-10
Proposed Standard RFC
Roman Danyliw
25 pages
RFC 9101
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
2021-08
Proposed Standard RFC
Roman Danyliw
18 pages
RFC 9126
OAuth 2.0 Pushed Authorization Requests Errata
2021-09
Proposed Standard RFC
Roman Danyliw
9 pages
RFC 9207
OAuth 2.0 Authorization Server Issuer Identification
2022-03
Proposed Standard RFC
Roman Danyliw
6 pages
RFC 9278
JWK Thumbprint URI
2022-08
Proposed Standard RFC
Roman Danyliw
38 pages
RFC 9396
OAuth 2.0 Rich Authorization Requests
2023-05
Proposed Standard RFC
Roman Danyliw
39 pages
RFC 9449
OAuth 2.0 Demonstrating Proof of Possession (DPoP) Errata
2023-09
Proposed Standard RFC
Roman Danyliw
14 pages
RFC 9470
OAuth 2.0 Step Up Authentication Challenge Protocol Errata
2023-09
Proposed Standard RFC
Roman Danyliw
46 pages
RFC 9700
Best Current Practice for OAuth 2.0 Security
2025-01
Best Current Practice RFC
Also known as BCP 240
Roman Danyliw
13 pages
RFC 9701
JSON Web Token (JWT) Response for OAuth Token Introspection
2025-01
Proposed Standard RFC
Roman Danyliw
25 pages
RFC 9728
OAuth 2.0 Protected Resource Metadata
2025-04
Proposed Standard RFC
Deb Cooley
Related Internet-Drafts and RFCs (19 hits)
6 pages
draft-campbell-oauth-rfc7523redux-00
Updates to OAuth 2.0 Client Asseertion Authentication and Assertion Based Authorization Grants
2025-03-20
I-D Exists

11 pages
draft-kasselman-oauth-dcr-trusted-issuer-token-01
OAuth 2.0 Dynamic Client Registration with Trusted Issuer Credentials
2025-06-24
I-D Exists

16 pages
draft-kasselman-oauth-spiffe-01
OAuth Client Registration on First Use with SPIFFE
2025-06-24
I-D Exists

17 pages
draft-lombardo-oauth-client-extension-claims-02
OAuth 2.0 client extension claims
2025-06-30
New
I-D Exists

22 pages
draft-lombardo-oauth-step-up-authz-challenge-proto-02
OAuth 2.0 step-up authorization challenge proto
2025-06-30
New
I-D Exists

11 pages 2025-01-09
Expires soon
I-D Exists

9 pages 2025-07-04
New
I-D Exists

10 pages 2025-02-07
I-D Exists

28 pages
draft-parecki-oauth-identity-assertion-authz-grant-05
Identity Assertion Authorization Grant
2025-07-02
New
I-D Exists

9 pages 2025-04-22
I-D Exists

4 pages
draft-richer-oauth-tmb-claim-01
Deferred Key Binding for OAuth
2025-06-27
New
I-D Exists

10 pages
draft-rosenberg-oauth-aauth-00
AAuth - Agentic Authorization OAuth 2.1 Extension
2025-07-07
New
I-D Exists

16 pages
draft-schwenkschuster-oauth-spiffe-client-auth-00
OAuth SPIFFE Client Authentication
2025-07-01
New
I-D Exists

18 pages
draft-sheffer-oauth-rfc8725bis-01
JSON Web Token Best Current Practices
2025-05-23
I-D Exists

8 pages
draft-song-oauth-ai-agent-authorization-00
OAuth2.0 Extention for AI Agent: Authorization on Target
2025-07-04
New
I-D Exists

8 pages
draft-watson-oauth-refresh-token-expiration-00
OAuth 2.0 Refresh Token and Consent Expiration
2025-06-27
New
I-D Exists

8 pages 2025-07-01
New
I-D Exists

24 pages
draft-wuertele-oauth-security-topics-update-01
Updates to OAuth 2.0 Security Best Current Practice
2025-06-16
I-D Exists

16 pages
draft-zehavi-oauth-app2app-browserless-03
OAuth 2.0 App2App Browserless Flow
2025-06-25
I-D Exists