OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.
- OpenID Connect Core 1.0 incorporating errata set 1 - OpenID Connect core
- OAuth 2.0 Multiple Response Type Encoding Practices - OpenID Connect multiple response types
- OAuth 2.0 Form Post Response Mode - Form post response mode
- OAuth 2.0 Threat Model and Security Considerations - Information on the various threats to the OAuth 2.0 specification.
- JSON Web Key (JWK) - Enables federated OAuth 2.0 provider clusters.
- OAuth 2.0 Token Introspection - Used as the reference for de-referencing an opaque token to a JWT.
- OAuth 2.0 Token Revocation - Revokes access tokens and refresh tokens when they are compromised.