The Case for OAuth 3.0

It’s been about a year since I proposed that we should move past OAuth 2.0, and a lot has happened since then to tackle some of the issues that I raised. I helped lead the TxAuth session at IETF 106 in Singapore last week, and we had a number of side meetings and follow-ons from that to discuss the implications. So far, we’re seeing two major approaches: extending OAuth 2.0, and building a new protocol from the ground up. I think there’s room for both in the world, for different reasons.

Justin Richer

Justin Richer is a security architect and freelance consultant living in the Boston area. To get in touch, contact his company: https://bspk.io/