Draft 08

@aaronpk aaronpk released this 13 Mar 22:41
· 108 commits to main since this release
  • Swap "by a trusted party" with "by an outside party" in client ID definition
  • Replaced "verify the identity of the resource owner" with "authenticate"
  • Clarified refresh token rotation to match RFC6819
  • Added appendix to hold application/x-www-form-urlencoded examples
  • Fixed references to entries in appendix
  • Incorporated new "Phishing via AS" section from Security BCP
  • Rephrase description of the motivation for client authentication
  • Moved "scope" parameter in token request into specific grant types to match OAuth 2.0
  • Updated Clickjacking and Open Redirection description from the latest version of the Security BCP
  • Moved normative requirements out of authorization code security considerations section
  • Security considerations clarifications, and removed a duplicate section
  • Updated acknowledgments