Web Authorization Protocol (oauth)
| Document | Date | Status | IPR | AD/Shepherd | |
|---|---|---|---|---|---|
| Active Internet-Drafts (10 hits) | |||||
|
29 pages
draft-ietf-oauth-attestation-based-client-auth-07
OAuth 2.0 Attestation-Based Client Authentication |
2025-09-15 |
I-D Exists
WG Document |
|
||
|
12 pages
draft-ietf-oauth-client-id-metadata-document-00
OAuth Client ID Metadata Document |
2025-10-08 |
I-D Exists
WG Document |
|
||
|
37 pages
draft-ietf-oauth-first-party-apps-02
OAuth 2.0 for First-Party Applications |
2025-10-20 |
I-D Exists
WG Document |
|
||
|
32 pages
draft-ietf-oauth-identity-assertion-authz-grant-01
Identity Assertion JWT Authorization Grant |
2025-10-19 |
I-D Exists
WG Document |
|
||
|
27 pages
draft-ietf-oauth-identity-chaining-06
OAuth Identity and Authorization Chaining Across Domains |
2025-09-12 |
I-D Exists
In WG Last Call |
|
||
|
14 pages
draft-ietf-oauth-rfc7523bis-03
Updates to OAuth 2.0 JSON Web Token (JWT) Client Authentication and Assertion-Based Authorization Grants |
2025-10-07 |
I-D Exists
WG Document |
|
||
|
21 pages
draft-ietf-oauth-rfc8725bis-02
JSON Web Token Best Current Practices |
2025-11-07
New
|
I-D Exists
WG Document |
|
||
|
62 pages
draft-ietf-oauth-sd-jwt-vc-13
SD-JWT-based Verifiable Credentials (SD-JWT VC) |
2025-11-06
New
|
I-D Exists
WG Document |
|
||
|
32 pages
draft-ietf-oauth-transaction-tokens-06
Transaction Tokens |
2025-07-28 |
I-D Exists
WG Document |
|
||
|
99 pages
draft-ietf-oauth-v2-1-14
The OAuth 2.1 Authorization Framework |
2025-10-19 |
I-D Exists
WG Document Jul 2021 |
|
||
| Active with the IESG Internet-Drafts (4 hits) | |||||
|
68 pages
draft-ietf-oauth-browser-based-apps-25
OAuth 2.0 for Browser-Based Applications |
2025-07-03 |
RFC Ed Queue
: MISSREF
126
Submitted to IESG for Publication : Best Current Practice Reviews: httpdir IETF Last Call secdir IETF Last Call opsdir IETF Last Call rtgdir IETF Last Call artart IETF Last Call genart IETF Last Call secdir IETF Last Call Oct 2021 |
Deb Cooley
Rifaat Shekh-Yusef |
||
|
59 pages
draft-ietf-oauth-cross-device-security-12
Cross-Device Flows: Security Best Current Practice |
2025-09-05 |
Publication Requested
8
Submitted to IESG for Publication : Best Current Practice Action Holder: Deb Cooley |
Deb Cooley
Hannes Tschofenig |
||
|
96 pages
draft-ietf-oauth-selective-disclosure-jwt-22
Selective Disclosure for JWTs (SD-JWT) |
2025-05-29 |
RFC Ed Queue
: EDIT
158
Submitted to IESG for Publication : Proposed Standard Reviews: artart opsdir IETF Last Call artart IETF Last Call secdir IETF Last Call genart IETF Last Call |
Deb Cooley
Hannes Tschofenig |
||
|
76 pages
draft-ietf-oauth-status-list-13
Token Status List (TSL) |
2025-10-20 |
Waiting for AD Go-Ahead
Submitted to IESG for Publication : Proposed Standard Reviews: genart IETF Last Call artart IETF Last Call secdir IETF Last Call Action Holder: Deb Cooley |
Deb Cooley
Rifaat Shekh-Yusef |
||
| Expired Internet-Drafts (10 hits) | |||||
|
7 pages
draft-ietf-oauth-closing-redirectors-00
OAuth 2.0 Security: Closing Open Redirectors in OAuth |
2016-02-04 |
Expired
WG Document : Best Current Practice |
|
||
|
9 pages
draft-ietf-oauth-distributed-01
Distributed OAuth |
2018-10-19 |
Expired
WG Document |
|
||
|
11 pages
draft-ietf-oauth-incremental-authz-04
OAuth 2.0 Incremental Authorization |
2020-05-03 |
Expired
WG Document |
|
||
|
14 pages
draft-ietf-oauth-mix-up-mitigation-01
OAuth 2.0 Mix-Up Mitigation |
2016-07-07 |
Expired
WG Document |
|
||
|
23 pages
draft-ietf-oauth-pop-architecture-08
OAuth 2.0 Proof-of-Possession (PoP) Security Architecture |
2016-07-08 |
Expired
Submitted to IESG for Publication : Informational Reviews: opsdir IETF Last Call opsdir IETF Last Call genart genart secdir |
Kathleen Moriarty
Kepeng Li |
||
|
17 pages
draft-ietf-oauth-pop-key-distribution-07
OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution |
2019-03-27 |
Expired
WG Document : Proposed Standard |
Kepeng Li |
||
|
8 pages
draft-ietf-oauth-reciprocal-04
Reciprocal OAuth |
2019-08-01 |
Expired
In WG Last Call |
Rifaat Shekh-Yusef |
||
|
13 pages
draft-ietf-oauth-signed-http-request-03
A Method for Signing HTTP Requests for OAuth |
2016-08-08 |
Expired
WG Document |
|
||
|
30 pages
draft-ietf-oauth-token-binding-08
OAuth 2.0 Token Binding |
2018-10-19 |
Expired
WG Document |
|
||
|
37 pages
draft-ietf-oauth-v2-http-mac-05
OAuth 2.0 Message Authentication Code (MAC) Tokens |
2014-01-15 |
Expired
WG Document |
Barry Leiba |
||
| RFCs (33 hits) | |||||
| 76 pages | 2012-10 |
Proposed Standard RFC
Updated by rfc8252, rfc8996, rfc9700 |
4 |
Stephen Farrell
|
|
| 18 pages | 2012-10 |
Proposed Standard RFC
Updated by rfc8996, rfc9700 |
2 |
Stephen Farrell
|
|
|
5 pages
RFC 6755
An IETF URN Sub-Namespace for OAuth |
2012-10 | Informational RFC |
Stephen Farrell
|
||
| 71 pages | 2013-01 |
Informational RFC
Updated by rfc9700 |
Stephen Farrell
|
||
| 11 pages | 2013-08 | Proposed Standard RFC |
Stephen Farrell
|
||
| 30 pages | 2015-05 |
Proposed Standard RFC
Updated by rfc7797, rfc8725 |
Kathleen Moriarty
|
||
|
20 pages
RFC 7521
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants |
2015-05 | Proposed Standard RFC |
Kathleen Moriarty
|
||
|
15 pages
RFC 7522
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants |
2015-05 | Proposed Standard RFC |
Kathleen Moriarty
|
||
|
12 pages
RFC 7523
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants |
2015-05 | Proposed Standard RFC |
Kathleen Moriarty
|
||
| 39 pages | 2015-07 | Proposed Standard RFC |
Kathleen Moriarty
|
||
|
18 pages
RFC 7592
OAuth 2.0 Dynamic Client Registration Management Protocol |
2015-07 | Experimental RFC |
Kathleen Moriarty
|
||
| 20 pages | 2015-09 | Proposed Standard RFC |
Kathleen Moriarty
|
||
| 17 pages | 2015-10 | Proposed Standard RFC |
Kathleen Moriarty
|
||
| 15 pages | 2016-04 | Proposed Standard RFC |
Kathleen Moriarty
|
||
|
15 pages
RFC 8176
Authentication Method Reference Values |
2017-06 | Proposed Standard RFC |
Kathleen Moriarty
|
||
| 21 pages | 2017-10 |
Best Current Practice RFC
Also known as BCP 212 |
Kathleen Moriarty
|
||
| 23 pages | 2018-06 | Proposed Standard RFC |
Eric Rescorla
|
||
| 21 pages | 2019-08 | Proposed Standard RFC |
Roman Danyliw
|
||
| 27 pages | 2020-01 | Proposed Standard RFC |
Roman Danyliw
|
||
|
24 pages
RFC 8705
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens |
2020-02 | Proposed Standard RFC |
Roman Danyliw
|
||
| 11 pages | 2020-02 | Proposed Standard RFC |
Roman Danyliw
|
||
|
13 pages
RFC 8725
JSON Web Token Best Current Practices |
2020-02 |
Best Current Practice RFC
Also known as BCP 225 |
Roman Danyliw
|
||
|
15 pages
RFC 9068
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens |
2021-10 | Proposed Standard RFC |
Roman Danyliw
|
||
|
25 pages
RFC 9101
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) |
2021-08 | Proposed Standard RFC |
Roman Danyliw
|
||
| 18 pages | 2021-09 | Proposed Standard RFC |
Roman Danyliw
|
||
|
9 pages
RFC 9207
OAuth 2.0 Authorization Server Issuer Identification |
2022-03 | Proposed Standard RFC |
Roman Danyliw
|
||
|
6 pages
RFC 9278
JWK Thumbprint URI |
2022-08 | Proposed Standard RFC |
Roman Danyliw
|
||
|
38 pages
RFC 9396
OAuth 2.0 Rich Authorization Requests |
2023-05 | Proposed Standard RFC |
Roman Danyliw
|
||
| 39 pages | 2023-09 | Proposed Standard RFC |
Roman Danyliw
|
||
| 14 pages | 2023-09 | Proposed Standard RFC |
Roman Danyliw
|
||
|
46 pages
RFC 9700
Best Current Practice for OAuth 2.0 Security |
2025-01 |
Best Current Practice RFC
Also known as BCP 240 |
Roman Danyliw
|
||
|
13 pages
RFC 9701
JSON Web Token (JWT) Response for OAuth Token Introspection |
2025-01 | Proposed Standard RFC |
Roman Danyliw
|
||
|
25 pages
RFC 9728
OAuth 2.0 Protected Resource Metadata |
2025-04 | Proposed Standard RFC |
Deb Cooley
|
||
| Related Internet-Drafts and RFCs (24 hits) | |||||
|
11 pages
draft-kasselman-oauth-dcr-trusted-issuer-token-01
OAuth 2.0 Dynamic Client Registration with Trusted Issuer Credentials |
2025-06-24 | I-D Exists |
|
||
|
16 pages
draft-kasselman-oauth-spiffe-01
OAuth Client Registration on First Use with SPIFFE |
2025-06-24 | I-D Exists |
|
||
|
23 pages
draft-li-oauth-delegated-authorization-00
OAuth 2.0 Delegated Authorization |
2025-10-20 | I-D Exists |
|
||
|
5 pages
draft-liu-oauth-a2a-profile-00
Agent-to-Agent (A2A) Profile for OAuth Transaction Tokens |
2025-10-20 | I-D Exists |
|
||
|
17 pages
draft-lombardo-oauth-client-extension-claims-02
OAuth 2.0 client extension claims |
2025-06-30 | I-D Exists |
|
||
|
22 pages
draft-lombardo-oauth-step-up-authz-challenge-proto-02
OAuth 2.0 step-up authorization challenge proto |
2025-06-30 | I-D Exists |
|
||
|
15 pages
draft-mcguinness-oauth-resource-token-resp-00
OAuth 2.0 Resource Parameter in Access Token Response |
2025-07-22 | I-D Exists |
|
||
|
16 pages
draft-meyerzuselha-oauth-web-message-response-mode-01
OAuth 2.0 Web Message Response Mode for Popup- and Iframe-based Authorization Flows |
2025-11-05
New
|
I-D Exists |
|
||
|
27 pages
draft-mora-oauth-entity-profiles-00
OAuth 2.0 Entity Profiles |
2025-10-17 | I-D Exists |
|
||
|
18 pages
draft-nandakumar-oauth-dpop-proof-00
Application-Agnostic Demonstration Proof of Possession (DPoP) Framework |
2025-09-15 | I-D Exists |
|
||
|
9 pages
draft-parecki-oauth-client-id-prefix-00
OAuth 2.0 Client ID Prefix |
2025-07-04 | I-D Exists |
|
||
|
7 pages
draft-parecki-oauth-dpop-device-flow-00
DPoP for the OAuth 2.0 Device Authorization Grant |
2025-09-20 | I-D Exists |
|
||
|
15 pages
draft-parecki-oauth-global-token-revocation-05
Global Token Revocation |
2025-07-28 | I-D Exists |
|
||
|
7 pages
draft-parecki-oauth-jwt-dpop-grant-00
OAuth 2.0 JWT Authorization Grant with DPoP Binding |
2025-10-18 | I-D Exists |
|
||
|
4 pages
draft-richer-oauth-tmb-claim-01
Deferred Key Binding for OAuth |
2025-06-27 | I-D Exists |
|
||
|
10 pages
draft-rosenberg-oauth-aauth-01
AAuth - Agentic Authorization OAuth 2.1 Extension |
2025-10-19 | I-D Exists |
|
||
|
17 pages
draft-rosomakho-oauth-dpop-rt-00
Separating DPoP Bindings for Access and Refresh Tokens |
2025-10-14 | I-D Exists |
|
||
|
18 pages
draft-schwenkschuster-oauth-spiffe-client-auth-01
OAuth SPIFFE Client Authentication |
2025-10-03 | I-D Exists |
|
||
|
8 pages
draft-song-oauth-ai-agent-authorization-00
OAuth2.0 Extention for AI Agent: Authorization on Target |
2025-07-04 | I-D Exists |
|
||
|
8 pages
draft-song-oauth-ai-agent-collaborate-authz-00
OAuth2.0 Extension for Multi-AI Agent Collaboration: Applier-On-Behalf-Of Authorization |
2025-11-05
New
|
I-D Exists |
|
||
|
9 pages
draft-watson-oauth-refresh-token-expiration-01
OAuth 2.0 Refresh Token and Authorization Expiration |
2025-10-17 | I-D Exists |
|
||
|
8 pages
draft-watson-oauth-rich-error-response-00
Rich OAuth Error Responses |
2025-07-01 | I-D Exists |
|
||
|
20 pages
draft-wuertele-oauth-security-topics-update-02
Updates to OAuth 2.0 Security Best Current Practice |
2025-09-29 |
I-D Exists
Call For Adoption By WG Issued |
|
||
|
22 pages
draft-zehavi-oauth-app2app-browserless-07
OAuth 2.0 App2App Browser-less Flow |
2025-10-16 | I-D Exists |
|
||