Since the original publication of OAuth 2.0 (RFC 6749) in 2012, several new RFCs have been published that either add or remove functionality from the core spec, including OAuth 2.0 for Native Apps, Proof Key for Code Exchange, OAuth for Browser-Based Apps, and OAuth 2.0 Security Best Current Practice.
OAuth 2.1 is an in-progress effort to consolidate and simplify OAuth 2.0.
The main goal of OAuth 2.1 is to capture the current best practices in OAuth 2.0, as well as its well-established extensions, under a single name. Specifically, this effort will not define any new behavior itself; instead it captures behavior already defined in other existing specs. OAuth 2.1 also won't include anything considered experimental or still in progress.
This session will present the current status of this ongoing work along with the underlying rationales.