Draft 09 of the OAuth 2.0 Bearer Token Specification has been published, which incorporates Working Group Last Call feedback. It contains the following changes:

  • Use definitions from [I-D.ietf-httpbis-p7-auth] rather than [RFC2617].
  • Update credentials definition to conform to [I-D.ietf-httpbis-p7-auth].
  • Further clarified that query parameters may occur in any order.
  • Specify that error_description is UTF-8 encoded (matching the core specification).
  • Registered “Bearer” Authentication Scheme in Authentication Scheme Registry defined by [I-D.ietf-httpbis-p7-auth].
  • Updated references to oauth-v2, httpbis-p1-messaging, and httpbis-p7-auth drafts.
  • Other wording improvements not introducing normative changes.

The draft is available at these locations: