OAuth 2.1: How Many RFCs Does it Take to Change a Lightbulb?

The OAuth 2.0 specificiation is a maze of documentation that developers need to understand when getting started on the topic. OAuth 2.1 can help fix this!

developer.okta.com

Dec 13, 2019 · 6:29 PM UTC

vabx · Feb 20, 2020 · 10:00 PM UTC

vabx @VinayBist1

20 Feb 2020

Replying to @aaronpk @oktadev

implicit is good to go ..query on password - If password flow is deprecated then how we achieve those use cases which this was addressing..like migration of legacy clients..which flow we can use for those use cases

Aaron Parecki · Feb 20, 2020 · 10:04 PM UTC

Aaron Parecki @aaronpk

20 Feb 2020

If you're really using the password grant for migration, you can always define your own extension to enable that same migration. In our experience, most implementations did not use it for migrations, and instead made new implementations prompting the user for their password.

Torsten Lodderstedt · Dec 15, 2019 · 8:50 AM UTC

Torsten Lodderstedt @tlodderstedt

15 Dec 2019

Replying to @aaronpk @oktadev

@aaronpk can you please publish your notes from the informal meeting?

Aaron Parecki · Dec 15, 2019 · 4:12 PM UTC

Aaron Parecki @aaronpk

15 Dec 2019

They are here! oauth.net/events/2019-11-iet… Tho I suppose I should email that to the list as well.

more replies

Justin Richer Ⓥ · Dec 14, 2019 · 9:06 PM UTC

Justin Richer Ⓥ @justin__richer

14 Dec 2019

Replying to @aaronpk @tlodderstedt @oktadev

This is misleading. The OAuth WG did not yet agree to do a 2.1 revision, and there's not yet a TxAuth working group. I want both of those things but it's not reality quite yet.

Aaron Parecki · Dec 14, 2019 · 9:24 PM UTC

Aaron Parecki @aaronpk

14 Dec 2019

I can get it changed to say "a potential 2.1". What's the right term for the TX Auth group right now then? datatracker.ietf.org/wg/txau…

more replies