RFC 8252 · BEST CURRENT PRACTICE · 2017
SUN · 14 JUN 2026
OAuth 2.0 for Native Apps
Overview
RFC 8252, “OAuth 2.0 for Native Apps”, is a Best Current Practice document published in October 2017 by W. Denniss, J. Bradley. It updates RFC 6749. The canonical text is published by the RFC Editor.
Abstract
OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case and how native apps and authorization servers can implement this best practice.
What “Best Current Practice” means
Documents the IETF community's recommended operational or procedural practice rather than a protocol specification.
Read this RFC
The canonical text of RFC 8252 is hosted at rfc-editor.org. Available in TXT,HTML.
Relationships to other RFCs
Other RFCs from 2017
- RFC 8251 Updates to the Opus Audio Codec
- RFC 8253 PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol
- RFC 8250 IPv6 Performance and Diagnostic Metrics Destination Option
- RFC 8254 Uniform Resource Name Namespace Registration Transition
- RFC 8249 Transparent Interconnection of Lots of Links : MTU Negotiation
- RFC 8255 Multiple Language Content Type
- RFC 8248 Security Automation and Continuous Monitoring Requirements
- RFC 8256 Requirements for Hitless MPLS Path Segment Monitoring