OAuth 2.0 Threat Model and Security Considerations
RFC 6819, “OAuth 2.0 Threat Model and Security Considerations”, is an Informational document published in January 2013 by T. Lodderstedt, M. McGloin, and P. Hunt. It has since been updated by RFC 9700. The canonical text is published by the RFC Editor.
Abstract
This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 protocol. This document is not an Internet Standards Track specification; it is published for informational purposes.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 6819 is hosted at rfc-editor.org. It is available in TXT and HTML.
- RFC 6818 Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile
- RFC 6820 Address Resolution Problems in Large Data Center Networks
- RFC 6824 TCP Extensions for Multipath Operation with Multiple Addresses
- RFC 6825 Traffic Engineering Database Management Information Base in Support of MPLS-TE/GMPLS
- RFC 6812 Cisco Service-Level Assurance Protocol
- RFC 6826 Multipoint LDP In-Band Signaling for Point-to-Multipoint and Multipoint-to-Multipoint Label Switched Paths
- RFC 6811 BGP Prefix Origin Validation
- RFC 6827 Automatically Switched Optical Network Routing for OSPFv2 Protocols