Link to RFC 9700 OAuth 2.0 Best Current Practices

2026-06-13 11:47:48 +02:00 · 2026-05-13 21:17:00 +01:00 · 2026-05-13 21:17:00 +01:00 · bc66176e88
parent 656bf61a3c
commit bc66176e88
2 changed files with 4 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/2379.clarification
+++ b/changelogs/client_server/newsfragments/2379.clarification
@ -0,0 +1 @@
+Add link to RFC 9700 OAuth 2.0 Best Current Practices.
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -1742,6 +1742,9 @@ over the requirements to create a new account and is not limited by the steps
 defined in this specification. It also means that less trust is given to clients
 because they don't have access to the user's credentials anymore.

+The best practices from [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700)
+are applicable to this API and are recommended reading for implementors.
+
 {{% boxes/warning %}}
 The [User-Interactive Authentication API](#user-interactive-authentication-api)
 is not compatible with the OAuth 2.0 API, so the endpoints that depend on it for
				`@ -0,0 +1 @@`
				`Add link to RFC 9700 OAuth 2.0 Best Current Practices.`