Hi all, we just published draft 25 of OAuth for Browser-Based Apps addressing all the feedback from the IESG reviews.
https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/ I do not expect to need time on the agenda for Madrid to discuss this, but please take a look anyway. Aaron On Thu, Jul 3, 2025 at 6:21 PM <[email protected]> wrote: > > Internet-Draft draft-ietf-oauth-browser-based-apps-25.txt is now available. It > is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. > > Title: OAuth 2.0 for Browser-Based Applications > Authors: Aaron Parecki > Philippe De Ryck > David Waite > Name: draft-ietf-oauth-browser-based-apps-25.txt > Pages: 68 > Dates: 2025-07-03 > > Abstract: > > This specification details the threats, attack consequences, security > considerations and best practices that must be taken into account > when developing browser-based applications that use OAuth 2.0. > > Discussion Venues > > This note is to be removed before publishing as an RFC. > > Discussion of this document takes place on the Web Authorization > Protocol Working Group mailing list ([email protected]), which is > archived at https://mailarchive.ietf.org/arch/browse/oauth/. > > Source for this draft and an issue tracker can be found at > https://github.com/oauth-wg/oauth-browser-based-apps. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-25.html > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-browser-based-apps-25 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
