“OAuth 2.1” and beyond

OAuth 2.0 was released in 2012 and is now a bit dated for some of today’s security requirements.

The deprecation of some of the old flows and the addition of newer specs will form the new baseline for OAuth going forward, currently code-named “OAuth 2.1”. This talk will give you an overview of the more modern and advanced OAuth-related techniques around strong client authentication, proof-of-possession access tokens, resource indicators, identity delegation, and hardening authorization requests using JWTs (JAR) and pushed parameters (PAR).