OAuth 2.1 is coming

https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/

OAuth 2.1 makes PKCE mandatory, meaning servers must reject authorization requests missing code_challenge, but mandatory in the spec doesn't always mean enforced in the implementation.

Alongside that, implicit flow and password credentials are officially dead, redirect URIs require exact string matching instead of wildcards, and bearer tokens are no longer allowed in URIs.

News taken from the Critical Thinking post on LinkedIn:
https://www.linkedin.com/posts/oauth-21-makes-pkce-mandatory-meaning-servers-share-7450981801797378048-hq56
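To make the "mandatory in the spec doesn't always mean enforced in the implementation" point concrete, here is an added example (not code from the draft, from Critical Thinking, or from any real authorization server) modelling the server-side checks the post lists: reject authorization requests without `code_challenge`, verify the PKCE verifier with S256 at the token endpoint, compare `redirect_uri` by exact string equality, refuse the implicit `response_type=token`, and flag access tokens carried in a URI. The client id `app-123`, the redirect URI `https://app.example.com/callback` and the request dictionaries are constructed sample values; the S256 transform and verifier length bounds follow RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed client registration (sample values, not from the draft or the post):
# each client has a set of exactly-registered redirect URIs.
REGISTERED_CLIENTS = {
    "app-123": {"redirect_uris": {"https://app.example.com/callback"}},
}


def b64url_sha256(code_verifier: str) -> str:
    """S256 transform (RFC 7636): BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_authorization_request(params: dict) -> tuple[bool, str]:
    """Authorization endpoint checks over the request parameters. Returns (accepted, reason)."""
    client = REGISTERED_CLIENTS.get(params.get("client_id", ""))
    if client is None:
        return False, "unknown client_id"
    # Implicit flow is removed: only the authorization code response type remains.
    if params.get("response_type") != "code":
        return False, "unsupported response_type"
    # Exact string comparison against the registered set: no wildcards, no prefix matching.
    if params.get("redirect_uri") not in client["redirect_uris"]:
        return False, "redirect_uri does not exactly match a registered URI"
    # PKCE is mandatory: a request with no code_challenge is rejected outright.
    if not params.get("code_challenge"):
        return False, "missing code_challenge"
    if params.get("code_challenge_method", "plain") != "S256":
        return False, "code_challenge_method must be S256"
    return True, "ok"


def verify_code_verifier(stored_challenge: str, code_verifier: str) -> bool:
    """Token endpoint check: the presented verifier must hash to the challenge
    that was bound to the authorization code when it was issued."""
    if not 43 <= len(code_verifier) <= 128:  # length bounds from RFC 7636 section 4.1
        return False
    return secrets.compare_digest(b64url_sha256(code_verifier), stored_challenge)


def token_in_uri(uri: str) -> bool:
    """True if an access token travels in the query or fragment of a URI, which
    OAuth 2.1 no longer permits (such tokens end up in logs, Referer headers and history)."""
    parts = urlsplit(uri)
    return any("access_token" in parse_qs(part) for part in (parts.query, parts.fragment))


def demo() -> dict:
    """Exercise the checks on constructed requests; returns the outcome of each case."""
    verifier = secrets.token_urlsafe(32)  # 43 URL-safe characters
    challenge = b64url_sha256(verifier)
    base = {
        "client_id": "app-123",
        "response_type": "code",
        "redirect_uri": "https://app.example.com/callback",
    }
    pkce = {"code_challenge": challenge, "code_challenge_method": "S256"}
    return {
        "no_pkce": validate_authorization_request(base)[0],
        "wildcard_redirect": validate_authorization_request(
            {**base, **pkce, "redirect_uri": "https://app.example.com/callback/anything"})[0],
        "implicit": validate_authorization_request({**base, **pkce, "response_type": "token"})[0],
        "valid": validate_authorization_request({**base, **pkce})[0],
        "verifier_ok": verify_code_verifier(challenge, verifier),
        "verifier_wrong": verify_code_verifier(challenge, "a" * 43),
        "token_in_fragment": token_in_uri(
            "https://app.example.com/callback#access_token=abc&token_type=bearer"),
        "code_in_query": token_in_uri("https://app.example.com/callback?code=xyz&state=1"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Run it directly to see each case's outcome. The useful part for a reviewer is the negative cases: a server that accepts `no_pkce` or `wildcard_redirect` is one where the spec's "must" has not reached the code.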