Link to RFC 9700 OAuth 2.0 Best Current Practices (#2379)

2026-05-16 06:50:44 +02:00 · 2026-05-14 09:20:43 +01:00 · 2026-05-14 09:20:43 +01:00 · 905165ffd3
parent 684d080f9a
commit 905165ffd3
2 changed files with 4 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/2379.clarification
+++ b/changelogs/client_server/newsfragments/2379.clarification
@ -0,0 +1 @@
+Add link to RFC 9700 OAuth 2.0 Best Current Practices.
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -1742,6 +1742,9 @@ over the requirements to create a new account and is not limited by the steps
 defined in this specification. It also means that less trust is given to clients
 because they don't have access to the user's credentials anymore.

+The best practices from [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700)
+are applicable to this API and are recommended reading for implementors.
+
 {{% boxes/warning %}}
 The [User-Interactive Authentication API](#user-interactive-authentication-api)
 is not compatible with the OAuth 2.0 API, so the endpoints that depend on it for
				`@ -0,0 +1 @@`
				`Add link to RFC 9700 OAuth 2.0 Best Current Practices.`