The OAuth 2.0 Authorization Framework
RFC 6749, “The OAuth 2.0 Authorization Framework”, is a Proposed Standard document published in October 2012 by D. Hardt. It obsoletes RFC 5849. It has since been updated by RFC 8252, RFC 8996 and RFC 9700. The canonical text is published by the RFC Editor.
Abstract
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6749 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 6748 Optional Advanced Deployment Scenarios for the Identifier-Locator Network Protocol
- RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage
- RFC 6747 Address Resolution Protocol for the Identifier-Locator Network Protocol for IPv4
- RFC 6751 Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment
- RFC 6746 IPv4 Options for the Identifier-Locator Network Protocol
- RFC 6752 Issues with Private IP Addressing in the Internet
- RFC 6745 ICMP Locator Update Message for the Identifier-Locator Network Protocol for IPv4
- RFC 6753 A Location Dereference Protocol Using HTTP-Enabled Location Delivery