…s Acknowledgements Authors' Addresses 1. Introduction Since its publication in [RFC6749] and [RFC6750], OAuth 2.0 (referred to as simply "OAuth" in this document) has gained massive traction in the market and became the standard for API protection and the basis for federated logi…
… an access token, which is defined in "The OAuth 2.0 Authorization Framework" [RFC6749] as "a string representing an access authorization issued to the client", rather than using the resource owner's credentials directly. Tokens are issued to clients by an authorization server …
…g an access token, which is defined in "The OAuth 2.0 Authorization Framework" [RFC6749] as "a string representing an access authorization issued to the client", rather than using the resource owner's credentials directly. Tokens are issued to clients by an authorization server w…
…ds Track [Page 2] RFC 7636 OAUTH PKCE September 2015 . Introduction OAuth 2.0 [RFC6749] public clients are susceptible to the authorization code interception attack. In this attack, the attacker intercepts the authorization code returned from the authorization endpoint within a…
… Token Revocation August 2013 1. Introduction The OAuth 2.0 core specification [RFC6749] defines several ways for a client to obtain refresh and access tokens. This specification supplements the core specification with a mechanism to revoke both types of tokens. A token is a stri…
…oken Revocation August 2013 1. Introduction The OAuth 2.0 core specification [RFC6749] defines several ways for a client to obtain refresh and access tokens. This specification supplements the core specification with a mechanism to revoke both types of tokens. A token is a str…
…ense rules apply. Abstract IndieAuth is an identity layer on top of OAuth 2.0 [RFC6749], primarily used to obtain an OAuth 2.0 Bearer Token [RFC6750] for use by [Micropub] clients. End-Users and Clients are all represented by URLs. IndieAuth enables Clients to verify the id…
…ecification, based on a comprehensive threat model for the OAuth 2.0 protocol [RFC6749]. It contains the following content: o Documents any assumptions and scope considered when creating the threat model. o Describes the security features built into the OAuth protocol and how t…
…ement Version 1.0 Abstract IndieAuth is an identity layer on top of OAuth 2.0 [RFC6749], primarily used to obtain an OAuth 2.0 Bearer Token [RFC6750] for use by [Micropub] clients. End-Users and Clients are all represented by URLs. IndieAuth enables Clients to verify the id…
…is out of scope. Since the publication of the OAuth 2.0 Authorization Framework RFC6749 in October 2012, it has been updated by OAuth 2.0 for Native Apps RFC8252, OAuth Security Best Current Practice RFC9700, and OAuth 2.0 for Browser-Based Apps I-D.ietf-oauth-browser-based-apps Th…
…h 2.0 Dynamic Registration July 2015 . Introduction In order for an OAuth 2.0 [RFC6749] client to utilize an OAuth 2.0 authorization server, the client needs specific information to interact with the server, including an OAuth 2.0 client identifier to use at that server. This s…
…2.0 is a federated authorization framework that defines an extension OAuth 2.0 [RFC6749] grant type and uses OAuth and federated identity technologies in various other ways. It defines how resource owners can control protected-resource access by clients used by arbitrary requesti…