OAuth 2.0 · Oct 6, 2021 · 12:51 AM UTC

OAuth 2.0

OAuth 2.0 @oauth_2

6 Oct 2021

New version available! "The OAuth 2.1 Authorization Framework" ietf.org/archive/id/draft-ie… by @DickHardt @aaronpk @tlodderstedt #oauth #oauth2 #ietf

Farasath Ahamed · Oct 6, 2021 · 9:41 AM UTC

Farasath Ahamed @farazath619

6 Oct 2021

Noticed that the resource owner password and implicit grants are removed from the 2.1 (For obvious reasons :)) But doesn't that make the OAuth 2.1 framework backward incompatible with OAuth 2.0? OAuth 2.1 kind of gives the feeling its a slight(minor) change from OAuth 2.0

Aaron Parecki · Oct 6, 2021 · 3:17 PM UTC

Aaron Parecki @aaronpk

6 Oct 2021

Password and Implicit are already not part of OAuth 2.0 as described by the Security Best Current Practice. The 2.1 update is leaving them out so that you don't have to first learn about them and then read another doc telling you not to use them.

Farasath Ahamed · Oct 6, 2021 · 3:20 PM UTC

Farasath Ahamed @farazath619

6 Oct 2021

Thanks @aaronpk for the clarification 👍 So OAuth 2.1 is essentially OAuth 2.0 without the naughty bits :)

Aaron Parecki · Oct 6, 2021 · 3:21 PM UTC

Aaron Parecki · Oct 6, 2021 · 3:21 PM UTC

Aaron Parecki @aaronpk

6 Oct 2021

Replying to @farazath619 @oauth_2 @DickHardt @tlodderstedt

That's one way to say it 😂😂😂

Oct 6, 2021 · 3:21 PM UTC