Hello all, on Tuesday we published a new revision of the OAuth 2.1 draft in advance of the interim meeting next week.
The main changes are documented in the changelog section but are summarized below as well: * Added explicit mention of not sending access tokens in URI query strings * Clarifications on definition of client types * Consolidated text around loopback vs localhost * Editorial clarifications throughout the document There are still a number of outstanding issues we are aware of, and have highlighted a few of them for discussion during the session next week. Aaron On Tue, Oct 5, 2021 at 5:19 PM <internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Web Authorization Protocol WG of the IETF. > > Title : The OAuth 2.1 Authorization Framework > Authors : Dick Hardt > Aaron Parecki > Torsten Lodderstedt > Filename : draft-ietf-oauth-v2-1-04.txt > Pages : 85 > Date : 2021-10-05 > > Abstract: > The OAuth 2.1 authorization framework enables a third-party > application to obtain limited access to an HTTP service, either on > behalf of a resource owner by orchestrating an approval interaction > between the resource owner and an authorization service, or by > allowing the third-party application to obtain access on its own > behalf. This specification replaces and obsoletes the OAuth 2.0 > Authorization Framework described in RFC 6749. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-04.html > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-04 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth