はてなブックマーク

OAuth 3 OAuth 3.0 does not exist. Over the years, even as early as 2012 when OAuth 2.0 was published, several efforts have attempted to evolve and build upon OAuth 2.0. However, as of September 2025, there is no spec officially called OAuth 3. The OAuth Working Group at the IETF has not decided to pursue an effort to develop OAuth 3. Instead, OAuth 2.1 is an officially adopted draft by the OAuth W

User Authentication with OAuth 2.0 The OAuth 2.0 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth is used in a wide variety of applications, including providing mechanisms for user authentication. This has led many developers and API providers to incorrectly conclude that OAuth is itself an

OAuth 2.0 OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group. OAuth 2.1 is an in-progress effort to consolidate OAut

Below are some guides to OAuth 2.0 which cover many of the topics needed to understand and implement clients and servers. OAuth 2.0 Simplified OAuth 2.0 Simplified, written by Aaron Parecki, is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level. Roles: Applications, APIs and Users Creating an App Authorization: Obtaining an access token

This specification was obsoleted by RFC 6749: The OAuth 2.0 Authorization Framework. Implementers should use RFC 6749 instead of this specification. June 24, 2009 OAuth Core 1.0 Revision A License This specification was derived from the OAuth Core 1.0 specification which was made available under the OAuth Non-Assertion Covenant and Author's Contribution License For OAuth Specification 1.0 availabl

OAuth Security Advisory: 2009.1 23-April-2009 A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered. Impact All standards-compliant implementations of the OAuth Core 1.0 protocol that use the OAuth authorization flow (also known as ‘3-legged OAuth’) are affected. Details The attack starts with the attacker visiting the (honest) Consu

 This specification was obsoleted by OAuth Core 1.0 Revision A on June 24th, 2009 to address a session fixation attack. The OAuth Core 1.0 Revision A specification is being obsoleted by the proposed IETF draft draft-hammer-oauth. The draft is currently pending IESG approval before publication as an RFC. Implementers should use RFC 6749: The OAuth 2.0 Authorization Framework instead of this specif

OAuth Providers Open Source Authentik a12n-server Casdoor Glewlwyd Omejdn Keycloak OAuth.io ORY Hydra oidc-provider SimpleLogin Spring Authorization Server SSQ signon WSO2 Identity Server ZITADEL boruta Logto Commercial Asgardeo Auth0 Authress cidaas Clerk Corbado Curity Identity Server Descope ForgeRock FusionAuth LoginRadius Okta PingId Red Hat Single Sign-On Stytch ZITADEL Cloud IBM Cloud App I

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. Learn more about OAuth 2.0 » For app developers... If you're building... web applications desktop applications mobile applications JavaScript or browser-based apps OAuth is a way to get access to protected data from an application. It's safer and more secure than asking users t