Symmetric Proof of Possession for the OAuth Authorization Code Grant
draft-ietf-oauth-spop-04

The information below is for an old version of the document
Document Type None Internet-Draft (oauth WG)
Last updated 2014-11-12
Replaces draft-sakimura-oauth-tcse
Stream IETF
Intended RFC status Proposed Standard
Expired & archived
Stream WG state (None)
Document shepherd Hannes Tschofenig
IESG state Unknown state
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-oauth-spop-04.txt

Abstract

The OAuth 2.0 public client utilizing the Authorization Code Grant (RFC 6749, Section 4.1) is susceptible to the code interception attack. This specification describes a mechanism that acts as a control against this threat.

Authors

Nat Sakimura (n-sakimura@nri.co.jp)
John Bradley (ve7jtb@ve7jtb.com)
Naveen Agarwal (naa@google.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)