Specifications and useful resources
Specifications and useful resources for IAM development
OAuth
- OAuth WG home
- Main OAuth RFC
- Bearer token usage
- OAuth threat model
- Security recommendations
- Discovery/AuthZ server metadata
- Token exchange
- Device flow
- Token revocation
- OAuth resource indicators
- OAuth for native apps
- OAuth and MTLS
- OAuth assertion framework
- JWT profile for client & authorization grants
- Token introspection
- Dynamic client registration
- Dynamic client management
- Profile for JWT access tokens
- Authentication method reference values
- OAuth 2.1
OpenID Connect
- OpenID Connect specifications home
- OpenID Connect core
- OpenID Connect discovery
- OpenID Connect dynamic registration
- OpenID Connect federation
JSON Web Tokens (JWTs)
- JOSE WG home
- JWT
- Examples and use cases
- JSON Web Algorithms
- JSON Web Encryption
- JSON Web Key
- JSON Web Signature
- JWT Thumbprint
- JWT best current practices
AARC
Last modified October 27, 2021: Added OAuth 2.1 reference (5aad5e5)