OAUTH-2-1
OAuth 2.1 IETF BCP draft.
Definition
OAuth 2.1 unifies OAuth 2.0, OAuth Security Topics (RFC 9700, formerly BCP 240), PKCE (RFC 7636), Token Binding. Implicit Grant and Resource Owner Password permanently removed. PKCE mandatory for all Authorization Code flows. Final RFC publication expected 2026.
Origin
IETF OAuth WG initiative March 2020 ; draft-ietf-oauth-v2-1 active since 2021.
Example in context
A SaaS vendor mandates OAuth 2.1 in its new 2026 B2B product to forbid Implicit Grant.
Related terms
- OAuth 2.0 — stable parent.