OAuth

OAuth 2.0 Core

• OAuth 2.0 Framework - RFC 6749
• Bearer Token Usage - RFC 6750
• Threat Model and Security Considerations - RFC 6819

Protocols Built on OAuth 2.0

• Open ID Connect
• Blue Button
• Green Button
• UMA
• GSMA OneAPI

OAuth 2.0 Extensions

• JSON Web Token - RFC 7519
• OAuth Assertions Framework - RFC 7521
• SAML2 Bearer Assertion - RFC 7522, for integrating with existing identity systems
• JWT Bearer Assertion - RFC 7523, for integrating with existing identity systems

Community Resources

• OAuth 2.0 Simplified
• OAuth Resource Center from Eran Hammer-Lahav the specifications editor, including a beginner's guide and tutorials.

Obsolete Versions of OAuth

• RFC 5849: The OAuth 1.0 Protocol - the final version of the OAuth 1.0 specification.
• OAuth Core 1.0 was released December 4, 2007.
• OAuth Core 1.0 Revision A was released June 24, 2009.