OAuth 2.0 Threat Model and Security Considerations, January 2013
- T. Lodderstedt, Ed.
- oauth (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 protocol. This document is not an Internet Standards Track specification; it is published for informational purposes.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.