oauth-v2-1
OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
## This draft PR
- clarifies redirection and request/response terminology
Some comments from Vittorio about that here: https://mailarchive.ietf.org/arch/msg/oauth/RP71xU8P4WLLIx0NcQMnw4gHScQ/
A bit about OAuth adoption in scenarios beyond its original scope (e.g. Open Banking).
We may need some additional client registration metadata parameters in order to enforce some of the non-optional things in 2.1 while allowing 2.0 clients to still treat them as optional....
## I expect
An updated ref to NIST SP publication.
## Instead
The I-D cites NIST SP 800-63-1 withdrawn in 2013
Note: 800-63-2 was Withdrawn on June 22, 2017. Superseded...
In a discussion with OAuth implementers the following issue was raised: The first messages of the flow show that the client obtains the grant from the resource owner and passes...
We need to figure out exactly what and how this draft replaces and obsoletes according to the IETF processes. Given the number of drafts that it's rolling up we need...
from Vittorio: --- §1.2 I always found this part extraordinarily difficult to decipher. I get that this is the first description and doesn’t have to be exhaustive and consider all...
## I suggest
- to align to the https://httpwg.org/admin/editors/style-guide for editorial consistency with HTTP specification
Sections 7-13 are remaining
* Vittorio: https://mailarchive.ietf.org/arch/msg/oauth/RP71xU8P4WLLIx0NcQMnw4gHScQ/
* Justin: https://mailarchive.ietf.org/arch/msg/oauth/Ex2eSkHBAKnmP0cFIyzEywLzeDk/