A new Request for Comments is now available in online RFC libraries.
BCP 240
RFC 9700
Title: Best Current Practice for OAuth 2.0 Security
Author: T. Lodderstedt,
J. Bradley,
A. Labunets,
D. Fett
Status: Best Current Practice
Stream: IETF
Date: January 2025
Mailbox: tors...@lodderstedt.net,
ve7...@ve7jtb.com,
isciu...@gmail.com,
m...@danielfett.de
Pages: 46
Updates: RFC 6749, RFC 6750, RFC 6819
See Also: BCP 240
I-D Tag: draft-ietf-oauth-security-topics-29.txt
URL: https://www.rfc-editor.org/info/rfc9700
DOI: 10.17487/RFC9700
This document describes best current security practice for OAuth 2.0.
It updates and extends the threat model and security advice given in
RFCs 6749, 6750, and 6819 to incorporate practical experiences
gathered since OAuth 2.0 was published and covers new threats
relevant due to the broader application of OAuth 2.0. Further, it
deprecates some modes of operation that are deemed less secure or
even insecure.
This document is a product of the Web Authorization Protocol Working Group of
the IETF.
BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
