Anthropic-Cybersecurity-Skills/skills/configuring-oauth2-authorization-flow/references/standards.md
# Standards and References - OAuth 2.0 Authorization Flow
## Core OAuth Standards
- **RFC 6749**: The OAuth 2.0 Authorization Framework (grant types, endpoints, the `state` parameter)
  - https://datatracker.ietf.org/doc/html/rfc6749
- **RFC 6750**: The OAuth 2.0 Authorization Framework: Bearer Token Usage (how access tokens are presented to resource servers; TLS is mandatory, and the URI query parameter method should be avoided because tokens end up in logs and referrers)
  - https://datatracker.ietf.org/doc/html/rfc6750
- **RFC 7636**: Proof Key for Code Exchange (PKCE): binds the authorization code to the client instance that started the flow via `code_verifier`/`code_challenge`; use the `S256` method
  - https://datatracker.ietf.org/doc/html/rfc7636
- **RFC 9700**: OAuth 2.0 Security Best Current Practice: consolidated guidance; the resource owner password credentials grant must not be used, the implicit grant should not be used, and clients must defend against authorization code injection (PKCE, or the OpenID Connect `nonce`)
  - https://datatracker.ietf.org/doc/html/rfc9700
- **OAuth 2.1 Draft**: consolidates RFC 6749, RFC 6750, RFC 7636 and the security BCP into one document; PKCE is mandatory for the authorization code grant, and the implicit and password grants are removed
  - https://oauth.net/2.1/
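The PKCE binding the standards above describe, as a worked example added here (it is not code from the skill or from any of the referenced specifications). It uses only the Python standard library, generates a `code_verifier`/`code_challenge` pair the way RFC 7636 sections 4.1 and 4.2 specify, performs the token-endpoint check of section 4.6 on the authorization-server side, and reproduces the `S256` test vector from RFC 7636 Appendix B. Only `S256` is accepted; the `plain` method is rejected because it gives no protection against an attacker who can observe the authorization request. The simulated exchange in `demo_exchange` is constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# RFC 7636 section 4.1: unreserved characters only, 43..128 characters long.
_VERIFIER_ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)


def _b64url(raw: bytes) -> str:
    """base64url without padding, as the RFC requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: high-entropy code_verifier (RFC 7636 section 4.1).

    32 random bytes encode to 43 characters, the minimum the RFC allows.
    """
    return _b64url(secrets.token_bytes(nbytes))


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (section 4.2)."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization-server side: check at the token endpoint (section 4.6).

    stored_challenge / stored_method were recorded when the authorization
    code was issued; presented_verifier comes from the token request.
    Only S256 is accepted here; 'plain' is refused outright.
    """
    if stored_method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(ch not in _VERIFIER_ALPHABET for ch in presented_verifier):
        return False
    # Constant-time comparison so timing does not leak the stored challenge.
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


def demo_exchange() -> dict:
    """Constructed round trip: the legitimate client redeems its code, an
    attacker who intercepted the code but not the verifier cannot."""
    # Client: mint the pair and send only the challenge in the authorization request.
    verifier = make_code_verifier()
    challenge = s256_challenge(verifier)
    # Authorization server: store the challenge alongside the issued code.
    issued = {
        "code": secrets.token_urlsafe(24),
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    # Token endpoint: the real client presents its verifier; the attacker
    # redeeming the stolen code has to invent one and fails.
    return {
        "legit": verify_pkce(issued["code_challenge"], issued["code_challenge_method"], verifier),
        "stolen_code": verify_pkce(
            issued["code_challenge"], issued["code_challenge_method"], make_code_verifier()
        ),
    }


if __name__ == "__main__":
    # RFC 7636 Appendix B test vector.
    vec = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    print(s256_challenge(vec))  # E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
    print(demo_exchange())
```

The authorization server must look up the stored challenge by the authorization code it issued, never accept a `code_challenge_method` from the token request, and treat a missing verifier on a code that was issued with a challenge as a failure.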
## Token Standards
- **RFC 7519**: JSON Web Token (JWT): the claim set and the registered claims a verifier checks (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`)
  - https://datatracker.ietf.org/doc/html/rfc7519
- **RFC 7515**: JSON Web Signature (JWS): compact serialization and signature verification; the `alg` header arrives with the token, so the verifier must pin the algorithms it accepts rather than trust it
  - https://datatracker.ietf.org/doc/html/rfc7515
- **RFC 9449**: OAuth 2.0 Demonstrating Proof of Possession (DPoP): sender-constrains access and refresh tokens to a client-held key, so a stolen token cannot be replayed without a fresh DPoP proof
  - https://datatracker.ietf.org/doc/html/rfc9449
- **RFC 7009**: OAuth 2.0 Token Revocation: revocation endpoint for refresh and access tokens, to be called on logout and on suspected compromise
  - https://datatracker.ietf.org/doc/html/rfc7009
## OpenID Connect
- **OpenID Connect Core 1.0**: Authentication layer on OAuth 2.0 (ID token, `nonce`, ID token validation rules)
  - https://openid.net/specs/openid-connect-core-1_0.html
- **OpenID Connect Discovery**: Provider metadata discovery via `/.well-known/openid-configuration` (endpoints, `jwks_uri`, supported algorithms)
  - https://openid.net/specs/openid-connect-discovery-1_0.html
## Additional Grant Types
- **RFC 8628**: OAuth 2.0 Device Authorization Grant (for input-constrained clients such as TVs and CLIs; the client polls the token endpoint while the user approves on another device)
  - https://datatracker.ietf.org/doc/html/rfc8628
## NIST Standards
- **NIST SP 800-63B**: Digital Identity Guidelines - Authentication and Lifecycle Management
- **NIST SP 800-53 Rev 5**:
  - AC-3: Access Enforcement
  - IA-5: Authenticator Management
  - SC-13: Cryptographic Protection
  - SC-23: Session Authenticity
  - AU-3: Content of Audit Records
## Implementation Guides
- **Auth0 PKCE Guide**: https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce
- **Microsoft OIDC Flow**: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
- **Okta OAuth Express**: https://developer.okta.com/blog/2025/07/28/express-oauth-pkce
- **PKCE Explained**: https://oauth.net/2/pkce/
## Security References
- **OWASP OAuth 2.0 Security Cheat Sheet**: Common vulnerabilities and mitigations
  - https://cheatsheetseries.owasp.org/cheatsheets/OAuth2_Cheat_Sheet.html
- **OAuth Security Workshop (OSW)**: Annual research on OAuth attack vectors and protocol analysis