| rfc9700v3.txt | rfc9700.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) T. Lodderstedt | Internet Engineering Task Force (IETF) T. Lodderstedt | |||
| Request for Comments: 9700 SPRIND | Request for Comments: 9700 SPRIND | |||
| BCP: 240 J. Bradley | BCP: 240 J. Bradley | |||
| Updates: 6749, 6750, 6819 Yubico | Updates: 6749, 6750, 6819 Yubico | |||
| Category: Best Current Practice A. Labunets | Category: Best Current Practice A. Labunets | |||
| ISSN: 2070-1721 Independent Researcher | ISSN: 2070-1721 Independent Researcher | |||
| D. Fett | D. Fett | |||
| Authlete | Authlete | |||
| November 2024 | January 2025 | |||
| Best Current Practice for OAuth 2.0 Security | Best Current Practice for OAuth 2.0 Security | |||
| Abstract | Abstract | |||
| This document describes best current security practice for OAuth 2.0. | This document describes best current security practice for OAuth 2.0. | |||
| It updates and extends the threat model and security advice given in | It updates and extends the threat model and security advice given in | |||
| RFCs 6749, 6750, and 6819 to incorporate practical experiences | RFCs 6749, 6750, and 6819 to incorporate practical experiences | |||
| gathered since OAuth 2.0 was published and covers new threats | gathered since OAuth 2.0 was published and covers new threats | |||
| relevant due to the broader application of OAuth 2.0. Further, it | relevant due to the broader application of OAuth 2.0. Further, it | |||
| skipping to change at line 40 ¶ | skipping to change at line 40 ¶ | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
| BCPs is available in Section 2 of RFC 7841. | BCPs is available in Section 2 of RFC 7841. | |||
| Information about the current status of this document, any errata, | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | and how to provide feedback on it may be obtained at | |||
| https://www.rfc-editor.org/info/rfc9700. | https://www.rfc-editor.org/info/rfc9700. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2025 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Revised BSD License text as described in Section 4.e of the | include Revised BSD License text as described in Section 4.e of the | |||
| Trust Legal Provisions and are provided without warranty as described | Trust Legal Provisions and are provided without warranty as described | |||
| End of changes. 2 change blocks. | ||||
| 2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||