OAuth logoDraft 17 of the OAuth 2.0 Bearer Token Specification has been published. This version changes the RFCs referenced for certificate chain verification. The wording was proposed by Alexey Melnikov as part of the Gen-ART review.

It contains the following changes:

  • Restore RFC 2818 reference for server identity verification and add RFC 5280 reference for certificate revocation lists, per Gen-ART review comments.

The draft is available at:

An HTML-formatted version is available at: