!!! Overview[1]
OAuth is an [open standard|RFC 6749]: a scalable, [RESTful] [Protocol] for [Delegation] of [Authorization] to [server resources|Resource Server] using [HTTP].

Generally, OAuth is a solution to the [Password Anti-Pattern].

[{$pagename}] is an evolution of the [OAuth] Protocol and is __NOT__ backward compatible with OAuth 1.0. 

!! [OAuth 2.0 NOT an Authentication protocol]

[{Image src='OAuth 2.0/oauth-not-auththenticaiton.jpg' caption='OAuth Not for Authentication' align=left width=1024 height=552 style='font-size: 120%'}] \\

Remember: [OAuth 2.0 NOT an Authentication protocol]. [{$pagename}] provides [Delegation], [Consent] and [Authorization].

!! Developer Simplicity
[{$pagename}] focuses on developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are being developed within the IETF OAuth WG; the main framework was published in October 2012. 

Of course, focusing on developer simplicity invokes the [Law of Complexity] by moving the complexity from the developer realm into the [Authorization Server] and [Resource Server].

[{$pagename}] was expected to be finalized by the end of 2010 according to Eran Hammer. However, due to [discordant views about the evolution of OAuth|http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/|target='_blank'], Hammer left the working group.

The [OAuth 2.0 Framework|RFC 6749] and [Bearer Token Usage|RFC 6750] were published in October 2012. Other documents were and are still being worked on within the OAuth working group.

* [OAuth 2.0 Actors][2]
* [OAuth 2.0 Endpoints]
* [OAuth 2.0 Tokens]
** [Access Token]
** [Refresh Token]
* [OAuth 2.0 Profiles]
* [Grant Types] or [OAuth 2.0 Protocol Flows]
* [OAuth 2.0 Vulnerabilities]

!! [What is missing in OAuth 2.0]
[What is missing in OAuth 2.0].

!! Additional [{$pagename}] [RFCs]
* [RFC 6749] - The [{$pagename}] Core
* [RFC 6750] - [OAuth 2.0 Authorization Framework Bearer Token Usage|RFC 6750]
* [RFC 6819] - [OAuth 2.0 Threat Model and Security Configurations]
* [RFC 6755] - [An IETF URN Sub-Namespace for OAuth|RFC 6755]
* [RFC 7009] - [OAuth 2.0 Token Revocation|RFC 7009]
* [RFC 7519] - [JSON Web Tokens]
* [RFC 7521] - [Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants|RFC 7521]
* [RFC 7522] - [Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants|RFC 7522]
* [RFC 7523] - [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants|RFC 7523]
* [RFC 7591] - [OAuth 2.0 Dynamic Client Registration Protocol]
* [RFC 7592] - [OAuth 2.0 Dynamic Client Registration Management Protocol|RFC 7592]
* [OAuth 2.0 Security Considerations]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

----
* [#1] - [The OAuth 2.0 Authorization Framework|https://tools.ietf.org/html/rfc6749|target='_blank'] - based on data observed:2015-05-18
* [#2] - based loosely on [http://en.wikipedia.org/wiki/OAuth] - Retrieved 2013-03-29