April 23, 2018
OAuth Device Flow spec addressing Area Director comments

OAuth logoThe OAuth 2.0 Device Flow for Browserless and Input Constrained Devices specification has been updated to address feedback by Security Area Director Eric Rescorla about the potential of a confused deputy attack. Thanks to John Bradley for helping work out the response to Eric and to William Denniss for reviewing and publishing the changes to the draft.

The specification is available at:

An HTML-formatted version is also available at:

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.