**Session Date/Time:** 16 Mar 2026 06:00

# [OAUTH](../wg/oauth.html)

**IETF 125 - OAuth Working Group Minutes**

## Summary

The OAUTH Working Group met at IETF 125 to progress core specifications and address emerging use cases. Key highlights included finalizing the technical direction for **OAuth 2.1** and **OAuth 2.0 for First-Party Applications**, alongside significant discussions on **AI Agent authorization**, **SPIFFE client authentication**, and **Rich Authorization Request (RAR) metadata**. The group reached consensus to deprecate the "plain" PKCE challenge method in OAuth 2.1 and decided against extending PAR for the First-Party Apps specification.

---

## Key Discussion Points

### 1. Chairs Update

**Presenters:** Hannes Tschofenig and Mike Jones
**Slides:** [Chairs Update](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-chairs-update-00)

* The Browser-Based Applications and Trust Device Flow Security BCP documents are currently in the RFC Editor queue.
* [draft-ietf-oauth-v2-1](https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/) is nearing completion.

### 2. OAuth 2.1

**Presenter:** Aaron Parecki
**Draft:** [draft-ietf-oauth-v2-1](https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/)
**Slides:** [OAuth 2.1](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-oauth-21-00)

* **Mix-up Mitigation:** Discussion on issue 233 regarding the `iss` parameter. Aaron Parecki proposed making the `iss` response parameter required. Kaishuai Luo noted that for this to be effective, clients must also validate the issuer against trusted metadata (RFC 8414).
* **PKCE Challenge Methods:** Aaron Parecki proposed forbidding the `plain` PKCE challenge method, as SHA-256 is universally available in modern environments.
* **Consensus:** John Bradley and others supported removing `plain`.

### 3. OAuth Client ID Metadata Document

**Presenter:** Aaron Parecki
**Draft:** [draft-ietf-oauth-client-id-metadata-document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/)
**Slides:** [Client ID Metadata Document](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-client-id-metadata-document-00)

* **Key Issues:** Discussion on whether to mandate HTTPS for URIs, how to handle `jwks` vs `jwks_uri`, and content-type negotiation to prevent SSRF attacks.
* **Technical Input:** Brian Campbell recommended favoring `jwks_uri` so that signing keys, which rotate often, stay separate from the metadata document, which changes less frequently. Michael Fraser suggested aligning with OpenID Federation guidance for metadata handling.

### 4. OAuth 2.0 for First-Party Applications

**Presenter:** Aaron Parecki
**Draft:** [draft-ietf-oauth-first-party-apps](https://datatracker.ietf.org/doc/draft-ietf-oauth-first-party-apps/)
**Slides:** [OAuth for First Party Apps](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-oauth-for-first-party-apps-00)

* **PAR Integration:** The editors recommended *not* extending Pushed Authorization Requests (PAR) for this draft, as it would require significant changes to the PAR response structure.
* **Consensus:** Brian Campbell and the room supported the decision to avoid PAR. The draft is considered ready for Working Group Last Call (WGLC).

### 5. Identity Assertion JWT Authorization Grant

**Presenter:** Aaron Parecki
**Draft:** [draft-ietf-oauth-identity-assertion-authz-grant](https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/)
**Slides:** [Identity Assertion Authorization Grant](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-identity-assertion-authorization-grant-00)

* Recent updates include support for DPoP, RAR examples, and using Refresh Tokens as subject tokens to handle expired ID tokens in enterprise SSO scenarios.
* **Reviewers:** Aaron Parecki, Brian Campbell, and Antoine Guy.
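The two OAuth 2.1 points recorded under section 2 (a required `iss` response parameter validated against RFC 8414 metadata, and S256-only PKCE) as an added example; this is not text from the minutes or from any draft, and the function names and sample values are illustrative:

```python
"""Added example: OAuth 2.1 client/AS checks from the section 2 discussion (not draft text)."""
import base64
import hashlib
import secrets
from typing import Dict, Optional

# Direction taken at the meeting: only S256 is accepted, "plain" is rejected.
ALLOWED_CHALLENGE_METHODS = frozenset({"S256"})


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client: 32 random octets -> 43 unreserved characters (RFC 7636 minimum length)."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """Client: S256 challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def as_accept_authorization_request(method: Optional[str]) -> bool:
    """Authorization server: refuse 'plain' (and missing/unknown methods) at the authorization endpoint."""
    return method in ALLOWED_CHALLENGE_METHODS


def as_verify_token_request(stored_challenge: str, stored_method: str, verifier: str) -> bool:
    """Authorization server: recompute the challenge from the presented verifier, compare in constant time."""
    if stored_method not in ALLOWED_CHALLENGE_METHODS:
        return False  # a 'plain' request should never have been stored in the first place
    if not 43 <= len(verifier) <= 128:  # RFC 7636 length bounds
        return False
    return secrets.compare_digest(make_code_challenge(verifier).encode(), stored_challenge.encode())


def client_validate_authz_response(params: Dict[str, str], as_metadata: Dict[str, str],
                                   expected_state: str) -> bool:
    """Client mix-up mitigation: 'iss' is required and must equal the issuer from the trusted
    RFC 8414 metadata document the client fetched earlier; 'state' is checked as usual."""
    if not secrets.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        return False
    iss = params.get("iss")
    if iss is None:  # required in the OAuth 2.1 direction discussed; a missing iss is a failure
        return False
    return iss == as_metadata.get("issuer")
```

A redirect carrying a code from a different (possibly attacker-controlled) authorization server fails the `iss` comparison even when the `state` value matches.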
### 6. Updates to OAuth 2.0 Security Best Current Practice

**Presenter:** Kaishuai Luo
**Draft:** [draft-ietf-oauth-security-topics-update](https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics-update/)
**Slides:** [Updates to OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-updates-to-oauth-20-security-best-current-practice-00)

* The draft addresses new attack vectors: Audience Injection, Cross-Toolkit Account Takeover (COAT), and Cross-User Session Fixation.
* Hannes Tschofenig noted that the "mix-up" landscape has evolved, making this work critical for multi-tenant and AI agent ecosystems.

### 7. RAR Metadata and Error Signaling

**Presenter:** Yaron Sheffer
**Slides:** [RAR Metadata and Error Signaling](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-rar-metadata-and-error-signaling-00)

* Proposed a mechanism for Resource Servers to signal which RAR types are required via an error response and a discovery endpoint.
* Justin Richer raised concerns about Resource Servers becoming "unwitting oracles" if they provide too much detail in error responses. Pamela Dingle noted potential proliferation issues with custom schemas.

### 8. OAuth 2.0 for Native Clients with Federation

**Presenter:** Yaron Sheffer
**Slides:** [OAuth 2.0 for native clients with federation](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-oauth-20-for-native-clients-with-federation-00)

* A profile of [draft-ietf-oauth-first-party-apps](https://datatracker.ietf.org/doc/draft-ietf-oauth-first-party-apps/) to support native app-to-app federation across trust domains without falling back to a browser.

### 9. Additional Hash Algorithms for OAuth 2.0

**Presenter:** Aaron Parecki (for Filip Skokan)
**Slides:** [Additional Hash Algorithms for OAuth 2.0](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-additional-hash-algorithms-for-oauth-20-00)

* Introduces SHA-512 to support CNSA 2.0 requirements where SHA-256 is prohibited.
* Brian Campbell and Justin Richer suggested avoiding complex negotiation frameworks, favoring simple registry extensions instead.

### 10. SPIFFE Client Authentication

**Presenter:** Arnt Richard Johansen
**Draft:** [draft-ietf-oauth-spiffe-client-auth](https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/)
**Slides:** [OAuth SPIFFE Client Authentication](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-oauth-spiffe-client-authentication-00)

* The draft is now adopted and aims to align with [draft-ietf-oauth-attestation-based-client-auth](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/) for Workload Entity Tokens (WET).

### 11. AI Agents and Transaction Tokens

* **Multi-Agent Collaboration:** Yuan Ni presented options for static and dynamic task groups using [draft-ietf-oauth-transaction-tokens](https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/). Slides: [OAuth2.0 Extension for Multi-AI Agent Collaboration](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-oauth20-extension-for-multi-ai-agent-collaboration-00)
* **Agent-to-Agent Profile:** Yuan Ni proposed using transaction tokens to protect context and identity in agent call chains. Slides: [A2A profile for OAuth transaction tokens](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-a2a-profile-for-oauth-transaction-tokens-02)
* **Agent Operation Authorization:** Discussion on how to authorize specific AI operations using intent-based proposals in PAR. Slides: [Agent Operation Authorization](https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-agent-operation-authorization-02)

---

## Decisions and Action Items

1. **OAuth 2.1:** Deprecate the `plain` PKCE code challenge method.
2. **First-Party Apps:** Proceed to WGLC without PAR integration.
3. **Action Item:** Aaron Parecki to perform an editorial pass on [draft-ietf-oauth-identity-assertion-authz-grant](https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/) prior to WGLC.
4. **Action Item:** Chairs to coordinate review cycles for the new AI-related drafts and the Security Topics update.

---

## Next Steps

* **Virtual Interims:** The chairs will schedule interim meetings to specifically address the various AI agent authorization proposals and multi-agent collaboration workflows.
* **WGLC:** A Working Group Last Call will be issued for [draft-ietf-oauth-first-party-apps](https://datatracker.ietf.org/doc/draft-ietf-oauth-first-party-apps/) shortly.
* **Draft Updates:** Authors of the RAR Metadata and Additional Hash Algorithms drafts to incorporate feedback regarding discovery and negotiation complexity.