issues
search
oauth-wg
/
oauth-v2-1
OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/
Other
52
stars
27
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
All query parameters should be URL encoded in these two examples
#138
adeinega
closed
1 year ago
0
Mark redirect_uri as a required parameter in the authorization request?
#137
vanbukin
closed
1 year ago
1
Ensure Security BCP recommendations are all incorporated into 2.1
#136
aaronpk
closed
8 months ago
4
UNICODECHARNOCRLF no longer referenced in Syntax
#135
ghost
closed
1 year ago
1
Ambiguous text in Section 2.1
#134
hosamaly
closed
1 year ago
1
Broader CORS recommendations
#133
aaronpk
closed
1 year ago
6
Update link for OMAP spec
#132
aaronpk
closed
2 years ago
1
mention PAR as one option for redirect URI registration at runtime
#131
aaronpk
closed
2 years ago
0
Use numbers in the figure instead of characters
#130
BobHamburg
closed
2 years ago
1
Reference PAR RFC 9126 exception to redirect URI registration
#129
aaronpk
closed
2 years ago
1
Describe OAuth's use of application/x-www-form-urlencoded encoding
#128
panva
closed
6 months ago
22
Token encryption cannot replace TLS. See #64
#127
ioggstream
opened
2 years ago
0
Clean up references to URL vs URI vs application/x-www-form-urlencoded
#126
aaronpk
opened
2 years ago
1
Update references of private_key_jwt to RFC7523
#125
aaronpk
closed
2 years ago
0
client id can be issued by trusted third party
#124
tlodderstedt
closed
2 years ago
2
Remove credentialed client
#123
tlodderstedt
closed
2 years ago
2
Add more security sensitive examples to intro to illustrate suitability
#122
tlodderstedt
opened
2 years ago
2
Add multi factor authentication to OAuth justification
#121
tlodderstedt
closed
2 years ago
0
How can an AS support both 2.0 and 2.1 clients concurrently
#120
aaronpk
opened
2 years ago
1
application/x-www-form-urlencoded is a media type
#119
ioggstream
opened
2 years ago
2
Clarify redirection proposal. See #117.
#118
ioggstream
opened
2 years ago
0
Clarification on redirect
#117
ioggstream
closed
1 year ago
0
HTTP 307. duplicate normative statements
#116
ioggstream
closed
1 year ago
0
Terminology nits
#115
ioggstream
closed
2 years ago
0
Use HTTP style guide
#114
ioggstream
opened
2 years ago
0
Fix: #112. Reference latest HTTP spec RFC9110.
#113
ioggstream
closed
2 years ago
2
HTTP is not RFC9110. RFC723x are now obsoleted
#112
ioggstream
closed
2 years ago
0
Fix some typos
#111
adeinega
closed
2 years ago
0
Fix minor incorrect references
#110
falko17
closed
2 years ago
0
the refresh token response and the scope parameter
#109
adeinega
closed
1 year ago
1
Should auth-param in WWW-Authenticate be optional?
#108
johakoch
opened
2 years ago
1
Remove "credentialed client" term
#107
aaronpk
closed
2 years ago
4
authorization servers MUST support Private-Use URI Scheme Redirection?
#106
jogu
closed
2 years ago
1
Mnr changes for the abstract
#104
adeinega
closed
2 years ago
0
limited access to an HTTP service
#103
adeinega
closed
2 years ago
0
mention whether native clients should be allowed to be upgraded?
#102
aaronpk
closed
2 years ago
1
Drop requirement that bearer tokens must expire?
#101
aaronpk
closed
2 years ago
1
Authorization Request Header Field: CRLF Injections
#100
lauritzh
opened
2 years ago
5
Reorganize Security considerations. See #64
#99
ioggstream
opened
3 years ago
2
Fix: #21. Reorganize TLS parts.
#98
ioggstream
closed
2 years ago
0
Expand differences from OAuth 2.0 section 10
#97
aaronpk
opened
3 years ago
0
add section mentioning removal of implicit flow
#96
aaronpk
closed
3 years ago
0
Security consideration of size of client parameters
#95
dickhardt
opened
3 years ago
1
Update organization
#94
dickhardt
closed
3 years ago
0
Consolidate loopback/localhost language
#93
aaronpk
closed
3 years ago
0
Consider dropping complex authorization code replay mitigations in favor of PKCE
#92
aaronpk
closed
10 months ago
2
Rewrite "Protocol Flow" section to address/acknowledge alternative flows
#91
aaronpk
opened
3 years ago
0
Update references to new RFCs that were previously drafts
#90
aaronpk
closed
2 years ago
1
Clarify that RSs are free to define their own error responses
#89
aaronpk
closed
3 years ago
1
Fix leftover language from RFC6750
#88
aaronpk
closed
3 years ago
0
Previous
Next