OAuth 2.1
RU: OAuth 2.1
OAuth 2.1 (IETF draft): a consolidation of OAuth 2.0 (RFC 6749) and its security best practices into one specification. It mandates PKCE for all authorization code flows, removes the Implicit grant and the Resource Owner Password Credentials grant, and requires exact redirect URI matching — eliminating the most common attack vectors from the original framework.
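The checks named in this definition, sketched as an added example (not code from the OAuth 2.1 draft or from any particular authorization server). The client registry, parameter dictionaries and returned reason labels are constructed for illustration, and accepting only the S256 challenge method is an assumption of this example.

```python
import base64
import hashlib
import hmac

# Constructed client registry; the client_id and URI are hypothetical.
REGISTERED_REDIRECTS = {"demo-client": {"https://app.example/callback"}}

def s256(verifier: str) -> str:
    """PKCE S256 transform from RFC 7636: BASE64URL(SHA256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def check_authorization_request(params: dict) -> str:
    """Return "ok" or this example's label for why the request is refused."""
    # Only the authorization code flow remains; response_type=token was the Implicit grant.
    if params.get("response_type") != "code":
        return "implicit_grant_removed"
    # Exact string comparison against registered values: no prefix, wildcard or
    # normalisation, so a URI that merely starts with a registered value fails.
    allowed = REGISTERED_REDIRECTS.get(params.get("client_id", ""), set())
    if params.get("redirect_uri") not in allowed:
        return "redirect_uri_mismatch"
    # PKCE is required on every authorization code request.
    if not params.get("code_challenge"):
        return "pkce_required"
    # Assumption of this example: the server accepts only the S256 method.
    if params.get("code_challenge_method") != "S256":
        return "pkce_method_not_s256"
    return "ok"

def check_token_request(params: dict, stored_challenge: str) -> str:
    """Validate the code exchange against the challenge saved at authorization time."""
    # grant_type=password was the Resource Owner Password Credentials grant.
    if params.get("grant_type") != "authorization_code":
        return "grant_type_not_allowed"
    verifier = params.get("code_verifier", "")
    # RFC 7636 verifiers are 43 to 128 characters long.
    if not 43 <= len(verifier) <= 128 or not verifier.isascii():
        return "invalid_code_verifier"
    # Constant-time comparison of the recomputed challenge with the stored one.
    if not hmac.compare_digest(s256(verifier), stored_challenge):
        return "pkce_verification_failed"
    return "ok"
```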