Password and Implicit are already not part of OAuth 2.0 as ... • Aaron Parecki

58°F

Farasath Ahamed https://twitter.com/farazath619 • Oct 6
Noticed that the resource owner password and implicit grants are removed from the 2.1 (For obvious reasons :))

But doesn't that make the OAuth 2.1 framework backward incompatible with OAuth 2.0?

OAuth 2.1 kind of gives the feeling its a slight(minor) change from OAuth 2.0

Password and Implicit are already not part of OAuth 2.0 as described by the Security Best Current Practice. The 2.1 update is leaving them out so that you don't have to first learn about them and then read another doc telling you not to use them.

Portland, Oregon, USA • 48°F

Wed, Oct 6, 2021 8:17am -07:00

3 likes 3 replies
Have you written a response to this? Let me know the URL:
- Dick Hardt twitter.com/DickHardt
  
  New tagline for OAuth 2.1? @aaronpk @tlodderstedt :)
  
  Wed, Oct 6, 2021 3:23pm +00:00 (via brid.gy)
- Aaron Parecki twitter.com/aaronpk
  
  That's one way to say it 😂😂😂
  
  Wed, Oct 6, 2021 3:21pm +00:00 (via brid.gy)
- Farasath Ahamed twitter.com/farazath619
  
  Thanks @aaronpk for the clarification 👍 So OAuth 2.1 is essentially OAuth 2.0 without the naughty bits :)
  
  Wed, Oct 6, 2021 3:20pm +00:00 (via brid.gy)

Posted in /replies using quill.p3k.io