Since its publication in 2012, OAuth 2.0 has become the standard for API authorization. To keep pace with general technological development and to address more advanced use cases, it needed to be augmented, resulting in a large number of extensions. Due to increased security requirements and challenges, there was also a need to publish updated security guidelines and even to discourage use of some existing OAuth flows. From a developer's perspective, all those developments resulted in a sometimes confusing landscape around OAuth. The working group recently decided to consolidate and enhance the existing OAuth 2.0 landscape and to start development towards a new major revision, OAuth 3.
This talk will describe the current OAuth 2.0 landscape and will give an outlook on the future development towards OAuth 2.1 and 3.
Key takeaways:
- There are several useful OAuth extensions that most developers are not aware of
- The OAuth working group issued updated OAuth security guidelines
- The OAuth working group plans to simplify the OAuth landscape by updating the core spec
- There is also development towards a new major OAuth revision that aims at including features that today require OAuth extensions, along with a simpler yet more powerful programming model