Symmetric Proof of Possession for the OAuth Authorization Code Grant
draft-ietf-oauth-spop-04
The information below is for an old version of the document.

| Section | Field | Value |
|---|---|---|
| Document | Type | Internet-Draft (oauth WG) |
| | Last updated | 2014-11-12 |
| | Replaces | draft-sakimura-oauth-tcse |
| | Stream | IETF |
| | Intended RFC status | Proposed Standard |
| | Formats | Expired & archived |
| Stream | WG state | (None) |
| | Document shepherd | Hannes Tschofenig |
| IESG | IESG state | Unknown state |
| | Consensus Boilerplate | Unknown |
| | Responsible AD | (None) |
| | Send notices to | (None) |

https://www.ietf.org/archive/id/draft-ietf-oauth-spop-04.txt
Abstract
The OAuth 2.0 public client utilizing Authorization Code Grant (RFC 6749 - 4.1) is susceptible to the code interception attack. This specification describes a mechanism that acts as a control against this threat.
Authors
Nat Sakimura (n-sakimura@nri.co.jp)
John Bradley (ve7jtb@ve7jtb.com)
Naveen Agarwal (naa@google.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)