What’s New In OAuth 2.1?

Read the original article: What’s New In OAuth 2.1?


The OAuth 2.1 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. The OAuth 2.1 specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749.

The OAuth 2.1 specification consolidates the functionality in OAuth 2.0 (RFC 6749), OAuth 2.0 for Native Apps (RFC 8252), Proof Key for Code Exchange (RFC 7636), OAuth 2.0 for Browser-Based Apps, OAuth Security Best Current Practice, and Bearer Token Usage (RFC 6750).

