The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]
Cited By
- Hosseyni P, Küsters R and Würtele T (2024). Formal Security Analysis of the OpenID FAPI 2.0 Family of Protocols: Accompanying a Standardization Process, ACM Transactions on Privacy and Security, 28:1, (1-36), Online publication date: 28-Feb-2025.
- Bernabé Murcia J, Cánovas E, García-Rodríguez J, M. Zarca A and Skarmeta A (2025). Decentralised Identity Management solution for zero-trust multi-domain Computing Continuum frameworks, Future Generation Computer Systems, 162:C, Online publication date: 1-Jan-2025.
- Patil V and Shyamasundar R. A Decoupling Mechanism for Transaction Privacy, Information Systems Security, (359-379)
- Schardong F and Custódio R. The Role-Artifact-Function Framework for Understanding Digital Identity Models, Conceptual Modeling, (377-395)
- Linker F and Basin D. SOAP, Proceedings of the 33rd USENIX Conference on Security Symposium, (3223-3240)
- Cremonezi B, Vieira A, Nacif J, Silva E and Nogueira M (2024). Identity management for Internet of Things, Computer Communications, 224:C, (72-94), Online publication date: 1-Aug-2024.
- Mousavi Z, Islam C, Moore K, Abuadbba A and Babar M. An Investigation into Misuse of Java Security APIs by Large Language Models, Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, (1299-1315)
- Möller J, Weißberg F, Pirch L, Eisenhofer T and Rieck K. Cross-Language Differential Testing of JSON Parsers, Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, (1117-1127)
- Baseri Y, Chouhan V and Hafid A (2024). Navigating quantum security risks in networked environments, Computers and Security, 142:C, Online publication date: 1-Jul-2024.
- Thorn S, English K, Butler K and Enck W. 5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions, Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, (66-77)
- Mortágua D, Zúquete A and Salvador P (2024). Enhancing 802.1X authentication with identity providers using EAP-OAUTH and OAuth 2.0, Computer Networks: The International Journal of Computer and Telecommunications Networking, 244:C, Online publication date: 1-May-2024.
- Schardong F and Custodio R. From Self-Sovereign Identity to Fiduciary Identity: A Journey Towards Greater User Privacy and Usability, Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing, (687-694)
- Cirne A, Sousa P, Resende J and Antunes L (2024). Hardware Security for Internet of Things Identity Assurance, IEEE Communications Surveys & Tutorials, 26:2, (1041-1079), Online publication date: 1-Apr-2024.
- Aboukadri S, Ouaddah A and Mezrioui A (2024). Machine learning in identity and access management systems, Computers and Security, 139:C, Online publication date: 1-Apr-2024.
- Sousa B and Gonçalves C (2024). FedAAA-SDN, Computer Networks: The International Journal of Computer and Telecommunications Networking, 239:C, Online publication date: 1-Feb-2024.
- Ge Y and Zhu Q (2024). GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks, IEEE Transactions on Information Forensics and Security, 19, (540-554), Online publication date: 1-Jan-2024.
- Akon M, Yang T, Dong Y and Hussain S. Formal Analysis of Access Control Mechanism of 5G Core Network, Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, (666-680)
- Ardi C and Calder M. The Prevalence of Single Sign-On on the Web: Towards the Next Generation of Web Content Measurement, Proceedings of the 2023 ACM on Internet Measurement Conference, (124-130)
- Helmschmidt F, Hosseyni P, Küsters R, Pruiksma K, Waldmann C and Würtele T. The Grant Negotiation and Authorization Protocol: Attacking, Fixing, and Verifying an Emerging Standard, Computer Security – ESORICS 2023, (222-242)
- Kalantari S, Philippaerts P, Dimova Y, Hughes D, Joosen W and De Decker B. A User-Centric Approach to API Delegations, Computer Security – ESORICS 2023, (318-337)
- Gheri L and Yoshida N (2023). Hybrid Multiparty Session Types: Compositionality for Protocol Specification through Endpoint Projection, Proceedings of the ACM on Programming Languages, 7:OOPSLA1, (112-142), Online publication date: 6-Apr-2023.
- Gagliardelli L, Zecchini L, Ferretti L, Beneventano D, Simonini G, Bergamaschi S, Orsini M, Magnotta L, Mescoli E, Livaldi A, Gessa N, De Sabbata P, D’Agosta G, Paolucci F and Moretti F (2023). A big data platform exploiting auditable tokenization to promote good practices inside local energy communities, Future Generation Computer Systems, 141:C, (595-610), Online publication date: 1-Apr-2023.
- Kasahara Y. End of Basic Authentication and Migration to Modern Authentication for Exchange Online, Proceedings of the 2023 ACM SIGUCCS Annual Conference, (32-35)
- Jansen C, Lindequist B, Strohmenger K, Romberg D, Küster T, Weiss N, Franz M, Schwen L, Evans T, Homeyer A and Zerbe N (2023). The vendor-agnostic EMPAIA platform for integrating AI applications into digital pathology infrastructures, Future Generation Computer Systems, 140:C, (209-224), Online publication date: 1-Mar-2023.
- Jannett L, Mladenov V, Mainka C and Schwenk J. DISTINCT, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, (1553-1567)
- Skopik F, Landauer M and Wurzenberger M (2022). Blind Spots of Security Monitoring in Enterprise Infrastructures: A Survey, IEEE Security and Privacy, 20:6, (18-26), Online publication date: 1-Nov-2022.
- Deochake S and Channapattan V. Identity and Access Management Framework for Multi-tenant Resources in Hybrid Cloud Computing, Proceedings of the 17th International Conference on Availability, Reliability and Security, (1-8)
- Aydemir B, Basney J, Bockelman B, Gaynor J and Weitzel D. SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing, Practice and Experience in Advanced Research Computing 2022: Revolutionary: Computing, Connections, You, (1-5)
- Gao Y, Basney J and Withers A. SciTokens SSH: Token-based Authentication for Remote Login to Scientific Computing Environments, Practice and Experience in Advanced Research Computing 2020: Catch the Wave, (465-468)
- Salis A, Jensen J, Bulla R, Mancini G and Cocco P. Security and Privacy Management in a Fog-to-Cloud Environment, Euro-Par 2019: Parallel Processing Workshops, (99-111)
Index Terms
- RFC 6749: The OAuth 2.0 Authorization Framework