Signing HTTP Messages - A generic HTTP message signing spec.passkeys are a new way to sign in to services without a password.Authorization Server Issuer Identification - RFC 9207, indicates the authorization server identifier in the authorization response.
SAML2 Bearer Assertion - RFC 7522, for integrating with existing identity systems.They will likely change before they are finalized as RFCs or BCPs. The specs below are either experimental or in draft status and are still active working group items. Private Key JWT - (RFC 7521, RFC 7521, OpenID).Demonstration of Proof of Possession (DPoP).Pushed Authorization Requests (PAR) - RFC 9126.These specs are used to add additional security properties on top of OAuth 2.0. Dynamic Client Registration Management - Experimental RFC 7592, for updating and managing dynamically registered OAuth clients.Dynamic Client Registration - RFC 7591, to programmatically register OAuth clients.Authorization Server Metadata - RFC 8414, for clients to discover OAuth endpoints and authorization server capabilities.Token Revocation - RFC 7009, to signal that a previously obtained token is no longer needed.Token Introspection - RFC 7662, to determine the active state and meta-information of a token.JWT Profile for Access Tokens - RFC 9068, a standard for structured access tokens.Device Authorization Grant - OAuth for devices with no browser or no keyboard.Browser-Based Apps - Recommendations for using OAuth with browser-based apps (e.g.Native Apps - Recommendations for using OAuth with native apps.Threat Model and Security Considerations - RFC 6819.Client Types - Confidential and Public Applications.
0 kommentar(er)
