OAuth 2-1 detail
OAuth 2.1 modern IETF BCP consolidation.
Definition
OAuth 2.1 remains backward-compatible with OAuth 2.0 but formally deprecates insecure patterns. Retained flows: Authorization Code + PKCE, Client Credentials, Refresh Token, Device Authorization Grant (RFC 8628). Confidential / public client auth clarified. IETF draft status, finalization expected 2025 or 2026.
Origin
IETF OAuth Working Group, initial draft 2020, latest revision draft-12 2024.
Usage
Already adopted in practice by OpenAPI Initiative, FAPI 2.0, OIDC Core, and most modern SDKs.
Related terms
- OAuth 2.0 — standard parent.
- OAuth PKCE — requis obligatoire.
- FAPI 2.0 — application sécurisée.