Session Date/Time: 16 Mar 2026 06:00
OAUTH
IETF 125 - OAuth Working Group Minutes
Summary
The OAUTH Working Group met at IETF 125 to progress core specifications and address emerging use cases. Key highlights included finalizing the technical direction for OAuth 2.1 and OAuth 2.0 for First-Party Applications, alongside significant discussions on AI Agent authorization, SPIFFE client authentication, and Rich Authorization Request (RAR) metadata. The group reached a consensus to deprecate the "plain" PKCE challenge method in OAuth 2.1 and decided against extending PAR for the First-Party Apps specification.
Key Discussion Points
1. Chairs Update
Presenters: Hannes Tschofenig and Mike Jones Slides: Chairs Update
- The Browser-Based Applications and Trust Device Flow Security BCP documents are currently in the RFC Editor queue.
- draft-ietf-oauth-v2-1 is nearing completion.
2. OAuth 2.1
Presenter: Aaron Parecki Draft: draft-ietf-oauth-v2-1 Slides: OAuth 2.1
- Mix-up Mitigation: Discussion on issue 233 regarding the `iss` parameter. Aaron Parecki proposed making the `iss` response parameter required. Kaishuai Luo noted that for this to be effective, clients must also validate the issuer against trusted metadata (RFC 8414).
- PKCE Challenge Methods: Aaron Parecki proposed forbidding the `plain` PKCE challenge method, as SHA-256 is universally available in modern environments.
- Consensus: John Bradley and others supported removing `plain`.
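The two client-side checks discussed above (validating the `iss` response parameter against RFC 8414 metadata, and accepting only the S256 PKCE method) as an added example; this is illustrative code, not from the draft or the presenter, and the authorization server metadata and redirect URLs it uses are constructed.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Constructed RFC 8414-style metadata, as a client would have fetched it from a
# trusted discovery URL when it was configured (not from the redirect itself).
AS_METADATA = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "code_challenge_methods_supported": ["S256"],
}

def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_pkce(method: str = "S256", verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge). Only S256 is accepted; 'plain'
    is refused, matching the OAuth 2.1 direction recorded in the minutes."""
    if method != "S256":
        raise ValueError(f"unsupported code_challenge_method: {method}")
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636 bounds
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def check_redirect(redirect_url: str, expected_state: str) -> str:
    """Validate an authorization response and return the code.
    Mix-up defence: iss must be present and equal the issuer from the metadata
    the client trusts for this request, not just any syntactically valid URL."""
    params = parse_qs(urlparse(redirect_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    iss = params.get("iss", [None])[0]
    if iss is None:
        raise ValueError("iss parameter missing")
    if iss != AS_METADATA["issuer"]:
        raise ValueError(f"iss {iss!r} does not match trusted issuer")
    code = params.get("code", [None])[0]
    if not code:
        raise ValueError("code missing")
    return code
```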
3. OAuth Client ID Metadata Document
Presenter: Aaron Parecki Draft: draft-ietf-oauth-client-id-metadata-document Slides: Client ID Metadata Document
- Key Issues: Discussion on whether to mandate HTTPS for URIs, how to handle `jwks` vs `jwks_uri`, and content-type negotiation to prevent SSRF attacks.
- Technical Input: Brian Campbell recommended favoring `jwks_uri` to keep keys independent of metadata that changes less frequently. Michael Fraser suggested aligning with OpenID Federation guidance for metadata handling.
4. OAuth 2.0 for First-Party Applications
Presenter: Aaron Parecki Draft: draft-ietf-oauth-first-party-apps Slides: OAuth for First Party Apps
- PAR Integration: The editors recommended not extending Pushed Authorization Requests (PAR) for this draft, as it would require significant changes to the PAR response structure.
- Consensus: Brian Campbell and the room supported the decision to avoid PAR. The draft is considered ready for Working Group Last Call (WGLC).
5. Identity Assertion JWT Authorization Grant
Presenter: Aaron Parecki Draft: draft-ietf-oauth-identity-assertion-authz-grant Slides: Identity Assertion Authorization Grant
- Recent updates include support for DPoP, RAR examples, and using Refresh Tokens as subject tokens to handle expired ID tokens in enterprise SSO scenarios.
- Reviewers: Aaron Parecki, Brian Campbell, and Antoine Guy.
6. Updates to OAuth 2.0 Security Best Current Practice
Presenter: Kaishuai Luo Draft: draft-ietf-oauth-security-topics-update Slides: Updates to OAuth 2.0 Security Best Current Practice
- The draft addresses new attack vectors: Audience Injection, Cross-Toolkit Account Takeover (COAT), and Cross-User Session Fixation.
- Hannes Tschofenig noted that the "mix-up" landscape has evolved, making this work critical for multi-tenant and AI agent ecosystems.
7. RAR Metadata and Error Signaling
Presenter: Yaron Sheffer Slides: RAR Metadata and Error Signaling
- Proposed a mechanism for Resource Servers to signal which RAR types are required via an error response and discovery endpoint.
- Justin Richer raised concerns about Resource Servers becoming "unwitting oracles" if they provide too much detail in error responses. Pamela Dingle noted potential proliferation issues with custom schemas.
8. OAuth 2.0 for Native Clients with Federation
Presenter: Yaron Sheffer Slides: OAuth 2.0 for native clients with federation
- A profile of draft-ietf-oauth-first-party-apps to support native app-to-app federation across trust domains without falling back to a browser.
9. Additional Hash Algorithms for OAuth 2.0
Presenter: Aaron Parecki (for Filip Skokan) Slides: Additional Hash Algorithms for OAuth 2.0
- Introduces SHA-512 to support CNSA 2.0 requirements where SHA-256 is prohibited.
- Brian Campbell and Justin Richer suggested avoiding complex negotiation frameworks, favoring simple registry extensions instead.
10. SPIFFE Client Authentication
Presenter: Arnt Richard Johansen Draft: draft-ietf-oauth-spiffe-client-auth Slides: OAuth SPIFFE Client Authentication
- The draft is now adopted and aims to align with draft-ietf-oauth-attestation-based-client-auth for Workload Entity Tokens (WET).
11. AI Agents and Transaction Tokens
- Multi-Agent Collaboration: Yuan Ni presented options for static and dynamic task groups using draft-ietf-oauth-transaction-tokens. Slides: OAuth2.0 Extension for Multi-AI Agent Collaboration
- Agent-to-Agent Profile: Yuan Ni proposed using transaction tokens to protect context and identity in agent call chains. Slides: A2A profile for OAuth transaction tokens
- Agent Operation Authorization: Discussion on how to authorize specific AI operations using intent-based proposals in PAR. Slides: Agent Operation Authorization
Decisions and Action Items
- OAuth 2.1: Deprecate the `plain` PKCE code challenge method.
- First-Party Apps: Proceed to WGLC without PAR integration.
- Action Item: Aaron Parecki to perform an editorial pass on draft-ietf-oauth-identity-assertion-authz-grant prior to WGLC.
- Action Item: Chairs to coordinate review cycles for the new AI-related drafts and the Security Topics update.
Next Steps
- Virtual Interims: The chairs will schedule interim meetings to specifically address the various AI agent authorization proposals and multi-agent collaboration workflows.
- WGLC: A Working Group Last Call will be issued for draft-ietf-oauth-first-party-apps shortly.
- Draft Updates: Authors of the RAR metadata and Additional Hash Algorithms drafts to incorporate feedback regarding discovery and negotiation complexity.
Related Documents
draft-ietf-oauth-attestation-based-client-auth, draft-ietf-oauth-client-id-metadata-document, draft-ietf-oauth-first-party-apps, draft-ietf-oauth-identity-assertion-authz-grant, draft-ietf-oauth-security-topics-update, draft-ietf-oauth-spiffe-client-auth, draft-ietf-oauth-transaction-tokens, draft-ietf-oauth-v2-1