What's New in OAuth 2.1

In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from Aaron Parecki, the co-author of OAuth 2.1. The latest additions to the specs enable richer experiences and better security for applications and APIs using OAuth.

Since the original publication of OAuth 2.0 (RFC 6749) in 2012, several new RFCs have been published that either add or remove functionality from the core spec, including OAuth 2.0 for Native Apps, Proof Key for Code Exchange, OAuth for Browser-Based Apps, and OAuth 2.0 Security Best Current Practice. OAuth 2.1 is an in-progress effort to consolidate and simplify OAuth 2.0 by packaging up all the best practices into a new version of the spec. This session will cover the current status of this ongoing work and what you need to know to be prepared.