RFC 6749 - The OAuth 2.0 Authorization Framework
Document Information
- RFC Number: 6749
- Title: The OAuth 2.0 Authorization Framework
- Published: October 2012
- Author: D. Hardt, Ed. (Microsoft)
- Status: Standards Track
- Obsoletes: RFC 5849
- Updated by: RFC 7636 (PKCE), RFC 8252 (Native Apps)
Abstract
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at ````http://www.rfc-editor.org/info/rfc6749\````.
Table of Contents
- 1. Introduction
- 2. Client Registration
- 3. Protocol Endpoints
- 4. Obtaining Authorization
- 5. Issuing an Access Token
- 6. Refreshing an Access Token
- 7. Accessing Protected Resources
- 8. Extensibility
- 9. Native Applications
- 10. Security Considerations
- 11. IANA Considerations
- 12. References
Related Resources
- Official Text: RFC 6749
- Official Page: RFC 6749 DataTracker
- Errata: RFC Editor Errata