oauth-wg/oauth-v2-1
OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/
Other
53 stars, 27 forks
issues
Add something in Access Token Privilege Restriction about the first-party use case
#87
aaronpk
opened
3 years ago
1
What happens to the registries defined by 6749 and 6750 when this supersedes them?
#86
aaronpk
opened
3 years ago
1
Should we tell RSs to ignore access tokens passed in the query string?
#85
aaronpk
closed
3 years ago
3
Clarify scope of "Insufficient_scope" error
#84
aaronpk
closed
3 years ago
3
Better term for a Bearer token that also has PoP
#83
aaronpk
closed
3 years ago
2
Clarify what should happen to authorization codes on an error response
#82
aaronpk
closed
10 months ago
6
Make sure TLS 1.0 and 1.1 are not referenced
#81
aaronpk
closed
3 years ago
1
Use iss+sub, not just sub, to identify resource owner
#80
manger
closed
3 years ago
3
Require authorization endpoint to be accessible by the user agent
#79
aaronpk
closed
3 years ago
1
Refactoring (move refresh token into grant section)
#78
tlodderstedt
closed
3 years ago
1
Prohibit sending access token as URI query parameter?
#77
mpeck12
closed
3 years ago
1
Potential new Security Consideration - Malicious Clients (Consent Phishing)
#76
mpeck12
opened
3 years ago
0
Fix typo in section 9.7
#75
mpeck12
closed
3 years ago
0
Consistency with other statement. See #71
#74
ioggstream
closed
3 years ago
0
Reword circular definition in Client Authentication. See #71
#73
ioggstream
closed
3 years ago
0
Add user agent to Notational conventions. See #71.
#72
ioggstream
closed
3 years ago
0
Editorial improvements
#71
ioggstream
closed
3 years ago
0
Incorporate editorial feedback from Justin and Vittorio's reviews
#70
aaronpk
opened
3 years ago
1
Incorporate changes for Errata ID 5793
#69
adeinega
closed
3 years ago
1
Incorporate changes for Errata ID 3446
#68
adeinega
closed
3 years ago
2
Changes for https://www.rfc-editor.org/errata/eid5793
#67
adeinega
closed
3 years ago
0
Changes for https://www.rfc-editor.org/errata/eid3446
#66
adeinega
closed
3 years ago
0
single use authorization code
#65
tlodderstedt
closed
2 years ago
12
Move normative text from security considerations inline in the doc
#64
aaronpk
opened
3 years ago
1
How to handle refresh token requests when the RO revokes specific scopes?
#63
aaronpk
opened
3 years ago
3
Clarify limits on new access tokens issued from refresh tokens
#62
aaronpk
opened
3 years ago
3
Move refresh token section into the section with the other grants
#61
aaronpk
closed
3 years ago
3
Access token error response
#60
aaronpk
closed
1 year ago
1
Clarify limits and caveats on access token formats
#59
aaronpk
closed
10 months ago
2
Clarify differences in refresh token responses
#58
aaronpk
opened
3 years ago
4
Clarify extension grants
#57
aaronpk
closed
3 years ago
3
Restrictions on authorization code content
#56
aaronpk
closed
3 years ago
3
Clean up authorization code flow diagram
#55
aaronpk
closed
2 years ago
2
Drop redirect_uri as a required parameter in the token request?
#54
aaronpk
closed
1 year ago
10
Consider removing "flow" language
#53
aaronpk
closed
3 years ago
2
RFC2617 is obsoleted by RFC7235
#52
ioggstream
closed
3 years ago
0
editorial: use the ::boilerplate macro for bcp14
#51
ioggstream
closed
3 years ago
4
Reference HTTP Semantics instead of messaging
#50
ioggstream
closed
3 years ago
0
Reference obsoleted/impacted specs. See #28
#49
ioggstream
opened
3 years ago
1
1.2. Protocol Flow - figure 1 is misleading
#48
tlodderstedt
opened
3 years ago
2
Fix mnr typos
#47
adeinega
closed
3 years ago
1
add iss authorisation response parameter
#46
tlodderstedt
closed
2 years ago
2
Referencing OIDC implicit flows
#45
tlodderstedt
closed
3 years ago
2
require scope in the access token response
#44
aaronpk
closed
3 years ago
3
add a reference to CORS support on the token endpoint
#43
aaronpk
closed
2 years ago
2
clarify "unregistered client"
#42
aaronpk
closed
2 years ago
1
drop explicit requirement/mention of client_ids
#41
aaronpk
closed
2 years ago
8
require HTTPS redirect URLs
#40
aaronpk
closed
2 years ago
7
clarify case sensitivity of redirect URI string matching
#39
aaronpk
opened
3 years ago
6
The client MUST NOT use more than one authentication method
#38
aaronpk
closed
3 years ago
8