OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

OAuth2.0是授权的行业标准协议。OAuth2.0关注于客户机开发人员的简单性，同时为web应用程序、桌面应用程序、移动电话和客厅设备提供特定的授权流。本规范及其扩展正在ietf oauth工作组中开发。

Questions, suggestions and protocol changes should be discussed on the mailing list.

问题、建议和方案变更应在邮件列表中讨论。

OAuth 2.0

• OAuth 2.0 Framework - RFC 6749
  • OAuth Scope
• OAuth Grant Types
  • Authorization Code
  • PKCE
  • Client Credentials
  • Device Code
  • Refresh Token
  • Legacy: Implicit Flow
  • Legacy: Password Grant
• Client Types - Confidential and Public Applications
• Bearer Tokens - RFC 6750
• Threat Model and Security Considerations - RFC 6819
• OAuth Security Best Current Practice

Mobile and Other Devices

• Native Apps - Recommendations for using OAuth with native apps
• Browser-Based Apps - Recommendations for using OAuth with browser-based apps (e.g. an SPA)
• Device Authorization Grant - OAuth for devices with no browser or no keyboard

Token and Token Management

Discovery and Registration

Experimental and Draft Specs

Related Specs and Extensions

Community Resources

Protocols Built on OAuth 2.0

Code and Services

OAuth 2.1

Legacy

数组交集