Draft 19 of the OAuth 2.0 Bearer Token Specification has been published. It addresses DISCUSS issues and COMMENTs raised for which resolutions have been agreed to. No normative changes were made. Changes made were:
- Use ABNF from RFC 5234.
- Added sentence “The Bearer authentication scheme is intended primarily for server authentication using the WWW-Authenticate and Authorization HTTP headers, but does not preclude its use for proxy authentication” to the introduction.
- In the introduction, state that this document also imposes semantic requirements upon the access token.
- Reference the
scopedefinition in the OAuth core spec.
- Reference RFC 6265 for security considerations about cookies.
The draft is available at:
An HTML-formatted version is available at: