Term · 28. International Regulations
OAuth 2.1
Definition
IETF draft consolidating OAuth 2.0 (RFC 6749) with its security best practices and deprecating insecure patterns: it removes the implicit grant, removes the resource owner password credentials grant, requires PKCE for all clients, and requires exact redirect URI matching. It is the industry-consensus security baseline that replaces OAuth 2.0 (RFC 6749) plus the various best-current-practice RFCs layered on top of it.
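As an added illustration (not part of this glossary or of any IETF document), the two mechanical checks the definition names, in Python: client-side S256 PKCE generation, server-side PKCE verification at the token endpoint, and exact redirect URI matching with the one loopback-port relaxation the OAuth 2.1 draft keeps for native apps. Function names and sample URIs are constructed for the example.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit


def _b64url(raw: bytes) -> str:
    # RFC 7636 uses unpadded base64url for both verifier and challenge.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # Client side: 32 random bytes -> 43 URL-safe chars, within RFC 7636's 43..128 range.
    return _b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(code_verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    # Authorization server side, at /token: recompute the challenge that was stored
    # with the authorization code and compare in constant time. OAuth 2.1 requires
    # this for every client, public or confidential.
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return secrets.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)


def _is_loopback(u) -> bool:
    # Loopback IP literal over plain http, as used by native-app listeners (RFC 8252).
    return u.scheme == "http" and u.hostname in ("127.0.0.1", "::1")


def redirect_uri_allowed(registered: list[str], presented: str) -> bool:
    # OAuth 2.1: simple string comparison against the registered URIs. No prefix,
    # wildcard or substring tolerance, which is what open-redirect chains rely on.
    p = urlsplit(presented)
    for r in registered:
        if r == presented:
            return True
        reg = urlsplit(r)
        # The single relaxation the draft keeps: a loopback redirect URI may use any
        # port, because a native app picks its listener port at run time.
        if _is_loopback(reg) and _is_loopback(p) and (
            reg.hostname, reg.path, reg.query) == (p.hostname, p.path, p.query):
            return True
    return False
```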
Synonyms
- OAuth 2.1 draft
- Consolidated OAuth
Application
- Regulatory: IETF RFC (e.g., 7519 JWT, 6749 OAuth 2.0)
Standards & regulations
- IETF
Sources
- OAuth 2.1 (IETF draft), primary source
Related terms
- DPoP (Demonstration of Proof-of-Possession): IETF RFC 9449, OAuth 2.0 mechanism binding an access token to a private key held …
- FAPI 2.0 (Financial-grade API): OpenID Foundation Financial-grade API Security Profile 2.0, a high-security authorization profile for financial APIs (ope …
- Kerberos: Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- mTLS (mutual TLS): both client and server authenticate each other via certificates during the TLS handshake. RFC 8705 specifies OA …
- OIDC PAR (Pushed Authorization Requests): OAuth 2.0 Pushed Authorization Requests, IETF RFC 9126. The client sends authorization request parameters directly to the a …
- OpenID Connect (OIDC): Identity layer on top of OAuth 2.0 (OpenID Foundation, OIDC Core 1.0). Provides standardized authentication via JWT ID t …