0

I was exploring the OAuth 2 device flow recently - and came across this url

urn:ietf:wg:oauth:2.0:oob

The service asked me to keep this as the redirect URL if I was using device flow.

I also read this whole paper https://datatracker.ietf.org/doc/html/draft-ietf-oauth-device-flow-06 and there is no mention of such a URL.

I was hoping to find out more information about this and any resources on the internet where its origins were discussed.

EDIT

I found the following - https://www.ietf.org/mail-archive/web/oauth/current/msg09988.html

The person also asks for clarification on why is this URL absent from OAuth 2 spec.

But it does not seem to have a precise response from anyone.

Community
  • 1
  • 1
Saket Mehta
  • 2,438
  • 2
  • 23
  • 28
  • I think this is the answer you are looking for: https://stackoverflow.com/a/12712923/88122 – jwilleke Oct 09 '17 at 12:00
  • That answer explains its use, which I am already aware of. I am looking for an IETF approved paper where this kind of a URL is mentioned or recommended. – Saket Mehta Oct 10 '17 at 10:01

1 Answers1

2

From the information I have been able to obtain, the "urn:ietf:wg:oauth:2.0:oob" has been replaced with OAuth 2.0 for Native Apps (RFC 8252) using the Private-Use URI Scheme Redirection

The Google page shows deprecation notices in options 3 and 4 in the "create authorization credentials" section; you can find the "oob" URN later in the doc, associated with the same options.

More details from the OAUTH-WG

Community
  • 1
  • 1
jwilleke
  • 10,467
  • 1
  • 30
  • 51