<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-oauth-security-topics-update-03" category="bcp" consensus="true" submissionType="IETF" updates="6749, 6750, 7521, 7522, 7523, 9700" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Updates to OAuth 2.0 Security BCP">Updates to OAuth 2.0 Security Best Current Practice</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-security-topics-update-03"/>
    <seriesInfo name="bcp" value="240"/>
    <author fullname="Tim Würtele">
      <organization>University of Stuttgart</organization>
      <address>
        <postal>
          <country>Germany</country>
        </postal>
        <email>tim.wuertele@sec.uni-stuttgart.de</email>
      </address>
    </author>
    <author fullname="Pedram Hosseyni">
      <organization>University of Stuttgart</organization>
      <address>
        <postal>
          <country>Germany</country>
        </postal>
        <email>pedram.hosseyni@sec.uni-stuttgart.de</email>
      </address>
    </author>
    <author fullname="Kaixuan Luo">
      <organization abbrev="CUHK">The Chinese University of Hong Kong</organization>
      <address>
        <postal>
          <region>Hong Kong</region>
          <country>China</country>
        </postal>
        <email>kaixuan@ie.cuhk.edu.hk</email>
      </address>
    </author>
    <author fullname="Adonis Fung">
      <organization>Samsung Research America</organization>
      <address>
        <postal>
          <country>USA</country>
        </postal>
        <email>adonis.fung@samsung.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>Web Authorization Protocol</workgroup>
    <keyword>security</keyword>
    <keyword>oauth2</keyword>
    <keyword>best current practice</keyword>
    <abstract>
      <?line 240?>

<t>This document updates the set of best current security practices for
OAuth 2.0 by extending the security advice given in RFC 6749, RFC
6750, and RFC 9700, to cover new threats that have been discovered
since the former documents have been published.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://SECtim.github.io/draft-wuertele-oauth-security-topics-update/draft-ietf-oauth-security-topics-update.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics-update/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Web Authorization Protocol Working Group mailing list (<eref target="mailto:oauth@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/oauth/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/oauth/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/SECtim/draft-wuertele-oauth-security-topics-update"/>.</t>
    </note>
  </front>
  <middle>
    <?line 248?>

<section anchor="Introduction">
      <name>Introduction</name>
      <t>Since the publication of the first OAuth 2.0 Security Best Practices
document <xref target="RFC9700"/>, new threats to OAuth 2.0 ecosystems have been
identified. This document therefore serves as an extension of the
original <xref target="RFC9700"/> and is to be read in conjunction with it.</t>
      <t>Like <xref target="RFC9700"/> before, this document provides important security
recommendations and it is <bcp14>RECOMMENDED</bcp14> that implementers upgrade their
implementations and ecosystems as soon as feasible.</t>
      <section anchor="structure">
        <name>Structure</name>
        <t>The remainder of this document is organized as follows: Section 2 is a detailed analysis of the threats and implementation issues that can be found in the wild (at the time of writing) along with a discussion of potential countermeasures.</t>
      </section>
      <section anchor="conventions-and-terminology">
        <name>Conventions and Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>This specification uses the terms "access token", "authorization
endpoint", "authorization grant", "authorization server", "client",
"client identifier" (client ID), "protected resource", "refresh
token", "resource owner", "resource server", and "token endpoint"
defined by OAuth 2.0 <xref target="RFC6749"/>.</t>
        <t><cref anchor="terminology-update" source="Tim W.">Make sure to update this list once the
technical sections below are completed.</cref></t>
      </section>
    </section>
    <section anchor="AttacksMitigations">
      <name>Attacks and Mitigations</name>
      <t>This section gives a detailed description of new attacks on OAuth implementations, along with potential countermeasures. Attacks and mitigations already covered in <xref target="RFC9700"/> are not listed here, except where clarifications or new recommendations are made.</t>
      <section anchor="AudienceInjection">
        <name>Audience Injection Attacks</name>
        <t>When using signature-based client authentication methods such as
<tt>private_key_jwt</tt> as defined in <xref target="OpenID.Core"/> or signed JWTs as
defined in <xref target="RFC7521"/> and <xref target="RFC7523"/>, a malicious authorization
server may be able to obtain and use a client's authentication
credential, enabling them to impersonate a client towards another
honest authorization server.</t>
        <section anchor="attack-description">
          <name>Attack Description</name>
          <t>The descriptions here follow <xref target="research.ust"/>, where additional details
of the attack are laid out.  Audience injection attacks require a client
to interact with at least two authorization servers, one of which is
malicious, and to authenticate to both with a signature-based
authentication method using the same key pair.  The following
description uses the <tt>jwt-bearer</tt> client authentication from
<xref target="RFC7523"/>, see <xref target="AudienceInjectionAuthNMethods"/> for other affected
client authentication methods.  Furthermore, the client needs to be
willing to authenticate at an endpoint other than the token endpoint at
the attacker authorization server (see <xref target="AudienceInjectionEndpoints"/>).</t>
          <section anchor="core-attack-steps">
            <name>Core Attack Steps</name>
            <t>In the following, let H-AS be an honest authorization server and let
A-AS be an attacker-controlled authorization server.</t>
            <t>Assume that the authorization servers publish the following URIs for
their token endpoints, for example via mechanisms such as authorization
server metadata <xref target="RFC8414"/> or OpenID Discovery <xref target="OpenID.Discovery"/>.
The exact publication mechanism is not relevant, as audience injection
attacks are also possible on clients with manually configured
authorization server metadata.</t>
            <t>Excerpt from H-AS' metadata:</t>
            <sourcecode type="javascript"><![CDATA[
"issuer": "https://honest.com",
"token_endpoint": "https://honest.com/token",
...
]]></sourcecode>
            <t>Excerpt from A-AS' metadata:</t>
            <sourcecode type="javascript"><![CDATA[
"issuer": "https://attacker.com",
"token_endpoint": "https://honest.com/token",
...
]]></sourcecode>
            <t>Therefore, the attacker authorization server claims to use the honest
authorization server's token endpoint. Note that the attacker
authorization server does not control this endpoint. The attack then
commences as follows:</t>
            <ol spacing="normal" type="1"><li>
                <t>Client registers at H-AS, and gets assigned a client ID <tt>cid</tt>.</t>
              </li>
              <li>
                <t>Client registers at A-AS, and gets assigned the same client ID
<tt>cid</tt>. Note that the client ID is not a secret (<xref section="2.2" sectionFormat="of" target="RFC6749"/>).</t>
              </li>
            </ol>
            <t>Now, whenever the client creates a client assertion for authentication
to A-AS, the assertion consists of a JSON Web Token (JWT) that is signed
by the client and contains, among others, the following claims:</t>
            <sourcecode type="json"><![CDATA[
"iss": "cid",
"sub": "cid",
"aud": "https://honest.com/token"
]]></sourcecode>
            <t>Due to the malicious use of H-AS' token endpoint in A-AS' authorization
server metadata, the <tt>aud</tt> claim contains H-AS' token endpoint (see
<xref target="TokenEPasAud"/>).  Recall that both A-AS and H-AS registered the
client with client ID <tt>cid</tt>, and that the client uses the same key pair
for authentication at both authorization servers.  Hence, this client
assertion is a valid authentication credential for the client at H-AS.</t>
            <t>Once the attacker obtained such a client assertion, it can impersonate
the client towards H-AS.  This enables multiple attacks.  For example,
the attacker may obtain access tokens via a client credentials grant.
Another example is the attacker initiating a regular authorization code
grant where a victim user grants access to the honest client at H-AS,
but the access token ends up with the attacker (since the attacker fully
impersonates the client in this case, mechanisms like DPoP <xref target="RFC9449"/>
cannot protect against the attack).</t>
            <t>Further attack scenarios and additional details are given in
<xref target="research.ust"/>.</t>
          </section>
          <section anchor="TokenEPasAud">
            <name>Token Endpoint as Client Assertion Audience</name>
            <t>The use of the token endpoint to identify the authorization server as a
client assertion's audience (even for client assertions that are not sent
to the token endpoint) is encouraged, or at least allowed by many
standards, including <xref target="RFC7521"/>, <xref target="RFC7522"/>, <xref target="RFC7523"/>, <xref target="RFC9126"/>,
<xref target="OpenID.Core"/>, <xref target="OpenID.CIBA"/>, and all standards referencing the IANA
registry for OAuth Token Endpoint Authentication Methods for available
client authentication methods.</t>
          </section>
          <section anchor="AudienceInjectionEndpoints">
            <name>Endpoints Requiring Client Authentication</name>
            <t>As mentioned above, the attack is only possible if the client
authenticates to an endpoint other than the token endpoint at A-AS.
This is because if the client sends a token request to A-AS, it will use
A-AS' token endpoint as published by A-AS and hence, send the token
request to H-AS, i.e., the attacker cannot obtain the client assertion.</t>
            <t>As detailed in <xref target="research.ust"/>, the attack is confirmed to be possible
if the client authenticates with such client assertions at the following
endpoints of A-AS:</t>
            <ul spacing="normal">
              <li>
                <t>Pushed Authorization Endpoint (see <xref target="RFC9126"/>)</t>
              </li>
              <li>
                <t>Token Revocation Endpoint (see <xref target="RFC7009"/>)</t>
              </li>
              <li>
                <t>CIBA Backchannel Authentication Endpoint (see <xref target="OpenID.CIBA"/>)</t>
              </li>
              <li>
                <t>Device Authorization Endpoint (see <xref target="RFC8628"/>)</t>
              </li>
            </ul>
            <t>Note that this list of examples is not exhaustive. Hence, any client
that might authenticate at any endpoint other than the token endpoint
<bcp14>SHOULD</bcp14> employ countermeasures as described in
<xref target="AudienceInjectionCountermeasures"/>.</t>
          </section>
          <section anchor="AudienceInjectionAuthNMethods">
            <name>Affected Client Authentication Methods</name>
            <t>The same attacks are possible for the <tt>private_key_jwt</tt> client
authentication method defined in <xref target="OpenID.Core"/>, as well as
instantiations of client authentication assertions defined in
<xref target="RFC7521"/>, including the SAML assertions defined in <xref target="RFC7522"/>.</t>
            <t>Furthermore, a similar attack is possible for <tt>jwt-bearer</tt> authorization
grants as defined in <xref section="2.1" sectionFormat="of" target="RFC7523"/>, albeit under
additional assumptions (see <xref target="research.ust"/> for details).</t>
          </section>
        </section>
        <section anchor="AudienceInjectionCountermeasures">
          <name>Countermeasures</name>
          <t>At its core, audience injection attacks exploit the fact that, from the
client's point of view, an authorization server's token endpoint is a
mostly opaque value and does not uniquely identify an authorization
server.  Therefore, an attacker authorization server may claim any URI
as its token endpoint, including, for example, an honest authorization
server's issuer identifier. Hence, as long as a client uses the token
endpoint as an audience value when authenticating to the attacker
authorization server, audience injection attacks are possible.
Therefore, audience injection attacks need to be prevented by the
client.</t>
          <t>Clients that interact with more than one authorization server and
authenticate with signature-based client authentication methods <bcp14>MUST</bcp14>
employ one of the following countermeasures, unless audience injection
attacks are mitigated by other means, such as using fresh key material
for each authorization server.  It is <bcp14>RECOMMENDED</bcp14> to prefer the
countermeasure described in <xref target="AudienceInjectionCountermeasuresASissuer"/>.</t>
          <t>The countermeasures described below mandate the use of single audience
value (as opposed to multiple audiences in an array).  This is because
<xref section="4.1.3" sectionFormat="of" target="RFC7519"/> allows the receiver of an
audience-restricted JWT to accept the JWT even if the receiver
identifies with only one of the values in such an array.  Since the
countermeasures rely on the client using an unambiguous audience value,
there is no value in including additional ones (that would need to be
unambiguous as well).</t>
          <section anchor="AudienceInjectionCountermeasuresASissuer">
            <name>Authorization Server Issuer Identifier</name>
            <t>Clients <bcp14>MUST</bcp14> use the authorization server's issuer identifier as defined
in <xref target="RFC8414"/>/<xref target="OpenID.Discovery"/> as the sole audience value in
client assertions. Clients <bcp14>MUST</bcp14> retrieve and validate this value as
described in <xref section="3.3" sectionFormat="of" target="RFC8414"/>/Section 4.3 of
<xref target="OpenID.Discovery"/>.</t>
            <t>For <tt>jwt-bearer</tt> client assertions as defined by <xref target="RFC7523"/>, this
mechanism is also described in <xref target="OAUTH-7523bis"/>.</t>
            <t>Note that "issuer identifier" here does not refer to the term "issuer"
as defined in <xref section="4.4" sectionFormat="of" target="RFC9700"/>, but to the issuer identifier
defined in <xref target="RFC8414"/> and <xref target="OpenID.Discovery"/>. In particular, the
issuer identifier is not just "an abstract identifier for the
combination of the authorization endpoint and token endpoint".</t>
          </section>
          <section anchor="AudienceInjectionCountermeasuresTargetEP">
            <name>Exact Target Endpoint URI</name>
            <t>Clients <bcp14>MUST</bcp14> use the exact endpoint URI to which a client assertion is
sent as that client assertion's sole audience value.</t>
            <t>This countermeasure can be used for authorization servers that do not
use authorization server metadata <xref target="RFC8414"/> or OpenID Discovery
<xref target="OpenID.Discovery"/>.</t>
          </section>
          <section anchor="implementation-considerations">
            <name>Implementation Considerations</name>
            <t>Technically, the countermeasures described in
<xref target="AudienceInjectionCountermeasuresASissuer"/> and
<xref target="AudienceInjectionCountermeasuresTargetEP"/> do not imply any normative
changes to the authorization server: <xref section="4.1.3" sectionFormat="of" target="RFC7519"/>
requires the authorization server to only accept a (client assertion) JWT if the
authorization server can identify itself with (at least one of the
elements in) the JWT's audience value. Client assertions produced by a
client implementing one of these countermeasures meet this condition.</t>
            <t>However, some existing authorization server implementations only accept
their token endpoint as the audience value in client assertions,
including for authentication at endpoints other than the token endpoint.
Clients interacting with such authorization servers <bcp14>MUST</bcp14> employ
alternative countermeasures.  In this case, clients <bcp14>SHOULD</bcp14> use one of
the following countermeasures, in decreasing order of preference:</t>
            <ol spacing="normal" type="1"><li>
                <t>Use distinct authentication key material with each authorization server.</t>
              </li>
              <li>
                <t>Ensure the use of unique client identifiers across all authorization servers (note that this might not be feasible in some ecosystems, for example, in connection with OpenID Federation <xref target="OpenID.Federation"/>).</t>
              </li>
              <li>
                <t>Ensure uniqueness of all (client identifier, token endpoint) pairs and use the token endpoint as the sole audience value in all client assertions.</t>
              </li>
            </ol>
            <t>While an authorization server that already accepts (among other values)
its issuer identifier or the exact endpoint as client assertion audience
values does not need to change anything, such an authorization server
<bcp14>MAY</bcp14> still decide to restrict acceptance to its issuer identifier
(<xref target="AudienceInjectionCountermeasuresASissuer"/>) or the endpoint that
received the client assertion
(<xref target="AudienceInjectionCountermeasuresTargetEP"/>) as an audience value, for
example, to force its clients to adopt the respective countermeasure.</t>
          </section>
        </section>
      </section>
      <section anchor="COAT">
        <name>Cross-toolkit OAuth Account Takeover</name>
        <t>It is increasingly common for a single OAuth client to access protected resources of multiple <em>tools</em> on behalf of users. Each set of tools, referred to as a <em>toolkit</em> in the following, is mapped to an <em>OAuth provider</em> configuration, which includes at least the authorization server (AS) endpoints and the client registration. A successful <em>OAuth connection</em> is established when the OAuth client obtains an access token for a tool based on its corresponding OAuth provider configuration. The client can then use the access token to access the user's protected resources at the tool's resource server (RS).</t>
        <t>Multiple OAuth connections can be linked to some form of user identity in the following non-normative example deployment scenarios:</t>
        <ul spacing="normal">
          <li>
            <t>Application Integration: The OAuth connections made with different toolkits are linked to an application's user account or session (e.g., represented by an application's user identifier or an anonymous session identifier). This is common where a user authorizes an application (e.g., a cloud platform or an agentic AI service) to orchestrate multiple tools, some of which together with their OAuth providers can be contributed by the public.</t>
          </li>
          <li>
            <t>Multi-tenant OAuth-as-a-Service (also known as Token Vault): In cases where OAuth responsibilities of a client are managed by a multi-tenant OAuth-as-a-Service provider, a successful OAuth connection is linked to a tenant's user identifier in addition to the tenant identifier. This is a generalization of the last deployment scenario, where an application using this OAuth-as-a-Service becomes a tenant. A tenant can usually choose some off-the-shelf toolkits using (partially) completed OAuth providers, or add their own toolkits with custom OAuth providers to support the tenant's service.</t>
          </li>
        </ul>
        <t>When controlled by an attacker, the open configurations of OAuth providers pose a new threat to this centralized OAuth client design. If the client fails to properly identify, track, and isolate the OAuth connection context (representing a combination of OAuth provider, toolkit, and tenant) in use during an authorization flow, an attacker can exploit this to mount Cross-toolkit OAuth Account Takeover (COAT) attacks (see <xref target="research.cuhk"/> and <xref target="research.cuhk2"/>). The COAT attacker uses a malicious toolkit to steal a victim's authorization code issued by an honest OAuth provider of an honest toolkit, and applies authorization code injection (as defined in <xref section="4.5" sectionFormat="of" target="RFC9700"/>) against a new OAuth connection with the attacker's identity. This results in a compromised OAuth connection between the attacker's application identity and the victim's toolkit access. The impact is equivalent to an account takeover: the attacker can operate the honest toolkit with the victim's account (hijacked either under the same application, or even across tenants that share a vulnerable OAuth-as-a-Service).</t>
        <section anchor="COATDescription">
          <name>Attack Description</name>
          <t>Preconditions: It is assumed that</t>
          <ul spacing="normal">
            <li>
              <t>the implicit or authorization code grant is used with multiple OAuth connection contexts, of which one is considered "honest" (H-Toolkit using H-AuthProvider with H-AS) and one is operated by the attacker (A-Toolkit using A-AuthProvider with A-AS), and</t>
            </li>
            <li>
              <t>the client stores the connection context chosen by the user in a session bound to the user's browser, and</t>
            </li>
            <li>
              <t>the authorization servers properly check the redirection URI by enforcing exact redirection URI matching (otherwise, see Cross Social-Network Request Forgery in <xref target="research.jcs_14"/> for details).</t>
            </li>
          </ul>
          <t>In the following, it is further assumed that the client is registered with H-AS (URI: <tt>https://honest.as.example</tt>, client ID: <tt>7ZGZldHQ</tt>) and with A-AS (URI: <tt>https://attacker.example</tt>, client ID: <tt>666RVZJTA</tt>). Assume that the client issues the redirection URI <tt>https://client.com/honest-cb</tt> for the honest toolkit and <tt>https://client.com/attack-cb</tt> for the attacker-controlled toolkit. URLs shown in the following example are shortened for presentation to include only parameters relevant to the attack.</t>
          <t>Attack on the authorization code grant:</t>
          <ol spacing="normal" type="1"><li>
              <t>A victim user selects to start the grant using A-AS of A-Toolkit (e.g., by initiating a tool use on an agentic AI service).</t>
            </li>
            <li>
              <t>The client stores in the user's session that the user has selected this OAuth connection context and redirects the user to A-AS's authorization endpoint with a Location header containing the URL <tt>https://attacker.example/authorize?response_type=code&amp;client_id=666RVZJTA&amp;state=[state]</tt>
                <tt>&amp;redirect_uri=https%3A%2F%2Fclient.com%2Fattack-cb</tt>.</t>
            </li>
            <li>
              <t>When the user's browser navigates to the A-AS, the attacker immediately redirects the browser to the authorization endpoint of H-AS. In the authorization request, the attacker uses an authorization request URL of H-AS and replaces the <tt>state</tt> with the one freshly received. Therefore, the browser receives a redirection with a Location header pointing to <tt>https://honest.as.example/authorize?response_type=code&amp;client_id=7ZGZldHQ&amp;state=[state]</tt>
                <tt>&amp;redirect_uri=https%3A%2F%2Fclient.com%2Fhonest-cb</tt>.</t>
            </li>
            <li>
              <t>Due to implicit or prior approvals, the user might not be prompted for re-consent. H-AS issues a code and sends it (via the browser) back with the <tt>state</tt> to the client.</t>
            </li>
            <li>
              <t>Since the client still assumes that the code was issued by A-AS of A-Toolkit, as stored in the user's session (with <tt>state</tt> verified), it will try to redeem the code at A-AS's token endpoint.</t>
            </li>
            <li>
              <t>The attacker therefore obtains the code and can either exchange the code for an access token (for public clients) or perform an authorization code injection attack as described in <xref section="4.5" sectionFormat="of" target="RFC9700"/>.</t>
            </li>
          </ol>
          <t>Note that merely issuing distinct redirection URIs per OAuth connection context, as used in this example, does not prevent the attack: in Step 5, the client fails to verify that the connection context incorporated in the redirection URI on which the authorization response was received (H-Toolkit) matches the connection context recorded in the user's session for this flow (A-Toolkit), as required in <xref target="COATCountermeasure"/>. The same vulnerability would also arise if the client had issued a single shared redirection URI (e.g., <tt>https://client.com/cb</tt>) for both toolkits.</t>
          <t>This Cross-toolkit OAuth Account Takeover (COAT) attack is a generalization of the Cross-app OAuth Account Takeover as defined in <xref target="research.cuhk"/> and the mix-up attack as defined in <xref section="4.4" sectionFormat="of" target="RFC9700"/>. This COAT attack exploits confusion between the OAuth connection contexts (i.e., combinations of OAuth provider, toolkit, and tenant) of a centralized client rather than being limited to confusion between two distinct authorization servers.</t>
          <t>Variants:</t>
          <ul spacing="normal">
            <li>
              <t>COAT under the OAuth-as-a-Service context: the attack above can be launched with a malicious tenant by adding a custom toolkit with an OAuth provider that targets an honest AS used by another tenant's toolkit.</t>
            </li>
            <li>
              <t>Implicit Grant: In the implicit grant, the attacker receives an access token instead of the code in Step 4.  The attacker's authorization server receives the access token when the client makes either a request to the A-AS userinfo endpoint (defined in <xref target="OpenID.Core"/>) or a request to the attacker's resource server (since the client believes it has completed the flow with A-AS).</t>
            </li>
            <li>
              <t>Cross-toolkit OAuth Request Forgery (CORF): If clients do not store the selected OAuth connection context in the user's session, but in the redirection URI instead, attackers can mount an attack called Cross-toolkit OAuth Request Forgery (CORF). This results in a compromised OAuth connection between the victim's application identity and the attacker's toolkit access. The goal of this specific attack variant is not to obtain an authorization code or access token, but to force the client to use an attacker's authorization code or access token for H-AS. This Cross-toolkit OAuth Request Forgery attack is a generalization of the Cross-app OAuth Request Forgery as defined in <xref target="research.cuhk"/> and, when the OAuth connection context is limited to the AS, the Naïve RP Session Integrity Attack as detailed in Section 3.4 of <xref target="arXiv.1601.01229"/>.</t>
            </li>
            <li>
              <t>OpenID Connect: Some variants can be used to attack OpenID Connect. In these attacks, the attacker misuses features of the OpenID Connect Discovery <xref target="OpenID.Discovery"/> mechanism or replays access tokens or ID Tokens to conduct a mix-up attack. The attacks are described in detail in Appendix A of <xref target="arXiv.1704.08539"/> and Section 6 of <xref target="arXiv.1508.04324v2"/> ("Malicious Endpoints Attacks").</t>
            </li>
          </ul>
        </section>
        <section anchor="COATCountermeasure">
          <name>Countermeasures</name>
          <t>The client <bcp14>MUST</bcp14> use all variables in its supported OAuth connection context to form a connection context identifier that uniquely identifies each AS instance configured at the client. This identifier always includes the unique toolkit identifier. Additionally,</t>
          <ul spacing="normal">
            <li>
              <t>a client allowing each toolkit to use multiple OAuth providers, where one provider's AS may be compromised as assumed in <xref section="4.4" sectionFormat="of" target="RFC9700"/>, <bcp14>MUST</bcp14> also include the OAuth provider identifier;</t>
            </li>
            <li>
              <t>a multi-tenant client <bcp14>MUST</bcp14> also include the tenant identifier, if the toolkit identifier is not globally unique.</t>
            </li>
          </ul>
          <t>Unless otherwise specified as follows, the following requirements apply: the client <bcp14>MUST</bcp14> issue a per-context distinct redirection URI that incorporates this unique connection context identifier. When initiating an authorization request, the client <bcp14>MUST</bcp14> store this identifier in the user's session. When an authorization response is received on the redirection endpoint, the client <bcp14>MUST</bcp14> also check that the context identifier from the distinct redirection URI matches the one in the user's session. If there is a mismatch, the client <bcp14>MUST</bcp14> abort the flow.</t>
          <t>Existing countermeasures for mix-up attacks (<xref section="4.4" sectionFormat="of" target="RFC9700"/>) can serve as a replacement under the following conditions:</t>
          <ul spacing="normal">
            <li>
              <t>the client has entirely dropped support for the implicit grant, and</t>
            </li>
            <li>
              <t>the OAuth provider specifies an AS not by individually configured AS endpoints but instead by an abstract issuer identifier (as defined in <xref section="4.4.2" sectionFormat="of" target="RFC9700"/>) that represents the endpoints, and</t>
            </li>
            <li>
              <t>the issuer identifier is used either in place of the connection context identifier in the redirection URI or is separately returned according to <xref target="RFC9207"/>, and</t>
            </li>
            <li>
              <t>an additional runtime resolution is used to resolve the issuer to retrieve the associated AS endpoints (e.g., with the authorization server metadata <xref target="RFC8414"/> or OpenID Discovery <xref target="OpenID.Discovery"/>). Clients using such resolution solely to pre-populate individual AS endpoint fields without any coupling with the issuer identifier will remain vulnerable.</t>
            </li>
          </ul>
          <t>Compared with existing countermeasures for mix-up attacks, which rely on an issuer identifier that each AS uses to uniquely identify itself and that the client stores, the connection context identifier approach lets the client uniquely identify each AS instance it has configured. This approach is particularly useful for clients that provision AS endpoints with manually configured metadata, where an issuer identifier may not be available.</t>
        </section>
      </section>
      <section anchor="SessionFixation">
        <name>Cross-user OAuth Session Fixation</name>
        <t>Upon completion of an OAuth flow, a client often associates the resulting tokens with the user's identity at the client (e.g., the application's user account or an anonymous guest user identity). This identity information is supposedly maintained in an established session that is already bound to the user agent and accessible to the client during the OAuth flow.</t>
        <t>In real-world deployments, however, this assumption can be broken for various reasons. For instance, when a native app's backend acts as a confidential OAuth client (commonly referred to as the backend-for-frontend pattern), the OAuth flow crosses user agents, but the established session does not: the native app obtains from the client a URI to request authorization, then opens it in an external user agent (typically the browser, as defined in <xref target="RFC8252"/>) that has no established session with the client. As a workaround, the client may introduce a session fixation vulnerability: it encodes a session identifier into the URI, which fixates a dedicated authorization session to complete the OAuth flow for the user at the client.</t>
        <t>The Cross-user OAuth Session Fixation exploits this session fixation attack vector. The attacker tricks a victim user into completing an OAuth flow that the attacker has initiated at the client. Because the authorization session fixated by the attacker designates the attacker's identity at the client, the tokens issued for the victim's protected resources become associated with the attacker.</t>
        <t>In general, this session fixation vulnerability may be viewed as violating the requirement of "binding the contents of state to the browser [more precisely, the initiating user agent] session" to defend against Cross-Site Request Forgery (CSRF, see <xref section="4.7" sectionFormat="of" target="RFC9700"/>). However, while PKCE <xref target="RFC7636"/> can mitigate CSRF, PKCE alone cannot mitigate this new attack: Since the entire OAuth flow, including the authorization request and the request to the redirection endpoint, is completed by the same victim user, the cryptographic binding between the authorization request and access token request enforced by PKCE is preserved. The impact of the new attack is also more severe than that of typical CSRF attacks.</t>
        <t>Note that this section focuses on the authorization code grant in same-device scenarios. For similar attacks in cross-device flows, see <xref section="4" sectionFormat="of" target="CDFS"/>.</t>
        <section anchor="FixationAttack">
          <name>Attack Description</name>
          <t>Preconditions: It is assumed that the client has maintained a user's session but, for usability reasons, does not want to or cannot identify the user via the session at the redirection endpoint.</t>
          <t>Example Attack:</t>
          <ol spacing="normal" type="1"><li>
              <t>From a vulnerable client, the attacker initiates OAuth and obtains an authorization request URI, in which the <tt>state</tt> parameter encodes a newly created authorization session of the attacker.</t>
            </li>
            <li>
              <t>The attacker sends this authorization request URI to a victim user.</t>
            </li>
            <li>
              <t>The victim user visits the URI and authorizes the client to access their resources. The consent prompt can be skipped due to prior or implicit approvals.</t>
            </li>
            <li>
              <t>Upon receiving the <tt>state</tt> at the redirection endpoint, the client fixates the attacker's authorization session and completes the OAuth flow.</t>
            </li>
            <li>
              <t>The attacker's identity at the client now gains access to the victim's resources.</t>
            </li>
          </ol>
          <t>The following diagram illustrates the attack:</t>
          <artwork><![CDATA[
Attacker     (Victim) User          Client           AS             RS
    |                |                |              |              |
    | Initiate OAuth flow             |              |              |
    |-------------------------------->|              |              |
    | authz req URI with              |              |              |
    | state=attacker_auth_session     |              |              |
    |<--------------------------------|              |              |
    |                |                |              |              |
    | Send URI to victim out-of-band  |              |              |
    | (e.g., via phishing link)       |              |              |
    |--------------->|                |              |              |
    |                |                |              |              |
    |                | Visit authz req URI           |              |
    |                |------------------------------>|              |
    |                | User consent (may be skipped) |              |
    |                |<----------------------------->|              |
    |                |                | authz res with code +       |
    |                |                | state=attacker_auth_session |
    |                |                |<-------------|              |
    |                |                | Exchange code for token     |
    |                |                |<------------>|              |
    |                |  token for victim's resources |              |
    |                |  associated with attacker's   |              |
    |                |  identity at the client       |              |
    |                |                |              |              |
    | Access resources                |              |              |
    |-------------------------------->|              |              |
    |                |                | Resource request with token |
    |                |                | for victim's resources      |
    |                |                |<--------------------------->|
    | Unauthorized access to          |              |              |
    | victim's resources              |              |              |
    |<--------------------------------|              |              |
]]></artwork>
          <t>Variant:</t>
          <t>After the OAuth flow is initiated, the client may first generate an implementation-specific "pre-authorization" URI for the purpose of fixating an authorization session, before redirecting the user agent to the authorization endpoint.</t>
          <t>Non-normative example request:</t>
          <artwork><![CDATA[
GET /oauth?auth_session_id=6064f11c-f73e-425b-b9b9-4a36088cdb2b HTTP/1.1
Host: client.com
]]></artwork>
          <t>Non-normative example response:</t>
          <artwork><![CDATA[
HTTP/1.1 303 See Other
Location: https://as.example/authorize?
          response_type=code&client_id=K9dTpWzqL7&state=b1d8f043
          &redirect_uri=https%3A%2F%2Fclient.com%2Fcb
Set-Cookie: auth_session_id=6064f11c-f73e-425b-b9b9-4a36088cdb2b
]]></artwork>
          <t>In this variant, the attacker obtains and sends the pre-authorization URI to the victim user instead of the authorization request URI. When the victim visits this URI, the attacker's authorization session is fixated before the authorization request, rather than at the redirection endpoint as in Step 4.</t>
        </section>
        <section anchor="FixationCountermeasures">
          <name>Countermeasures</name>
          <t>To defend against the Cross-user OAuth Session Fixation attack, the client <bcp14>MUST</bcp14> ensure that an OAuth flow initiated by one user is completed by the same user.</t>
          <t>The most straightforward countermeasure is to identify the initiating user via their existing session at the client, rather than introducing a fixated session, if usability conditions permit. However, eliminating the session fixation vector may not always be feasible due to deployment constraints. For instance, the application's session management and OAuth responsibilities may be handled by separate entities (e.g., separate services isolated under different origins, or with the OAuth responsibilities outsourced to an OAuth-as-a-Service provider as described in <xref target="COAT"/>), or the corresponding endpoints may be accessed from different user agents (e.g., a native app versus a browser). Such deployments have been observed in practice (see <xref target="research.cuhk2"/>).</t>
          <t>Hence, the client <bcp14>MUST</bcp14> validate the binding of any newly fixated authorization session (conveyed via <tt>state</tt> or the pre-authorization URI) to the existing user session (maintained at the user agent) that initiates the OAuth flow, before proceeding with the access token request. Depending on the specific current settings:</t>
          <ul spacing="normal">
            <li>
              <t>If the user session is accessible at the redirection endpoint, the client can validate this binding directly.</t>
            </li>
            <li>
              <t>If the user session is not accessible at the redirection endpoint, for example, because the redirection endpoint is hosted on a different origin or accessed from a different user agent than where the user session is maintained, the countermeasure requires one of the following to make the session accessible prior to validation:  </t>
              <ul spacing="normal">
                <li>
                  <t>an implementation change to co-locate the redirection endpoint under the same origin as the endpoint maintaining the user session, and/or to re-authenticate the user at the redirection endpoint from the external user agent (e.g., the browser), or</t>
                </li>
                <li>
                  <t>from the current redirection endpoint, performing a further redirection back to the starting origin and/or user agent where the user session is available. For native apps, the redirect options specified in <xref section="7" sectionFormat="of" target="RFC8252"/> <bcp14>MUST</bcp14> be used. The location of this further redirection <bcp14>MUST NOT</bcp14> be controllable by an attacker, or it will result in Open Redirection (<xref section="4.11" sectionFormat="of" target="RFC9700"/>).</t>
                </li>
              </ul>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="SharedConsent">
        <name>Shared Consent in Brokered OAuth</name>
        <t>In a brokered OAuth deployment, an intermediate entity (called the <em>broker</em> in the following) mediates between downstream clients and one or more upstream authorization servers (referred to as <em>AS</em> in the following).
The broker acts as an OAuth client towards each AS.
Towards its downstream clients, the broker either acts as an authorization server itself, exposing a standards-compliant OAuth interface, or it exposes a custom, non-OAuth interface.</t>
        <t>The attack and countermeasures described in this section apply regardless of which of these two interfaces the broker exposes to its downstream clients.</t>
        <t>Throughout this section, the terms <em>upstream</em> and <em>downstream</em> are used relative to the broker and the direction in which authorization flows.
The AS is <em>upstream</em> as the source of authorization and tokens, while the clients the broker serves are <em>downstream</em> as the recipients of the access the broker obtains on their behalf.</t>
        <t>The term <em>downstream client</em> furthermore denotes a unit of trust rather than necessarily a single application or an OAuth client in the sense of <xref target="RFC6749"/>.
Multiple applications under common administrative control, such as the applications of a single tenant of a multi-tenant broker or the applications of an organization operating its own broker, may legitimately share a single registration and consent decision and thus be treated as a single downstream client.
Applications under separate administrative control constitute distinct downstream clients.</t>
        <t>When the broker registers itself once at an AS and reuses this single registration for every downstream client it serves, the AS cannot distinguish between those downstream clients.
As a consequence, the consent the user grants for one downstream client is silently reused for any other downstream client that integrates the same broker.
A malicious downstream client integrated with the same broker can therefore obtain access to the user's protected resources without the user ever consenting to that client.</t>
        <section anchor="SharedConsentDescription">
          <name>Attack Description</name>
          <t>The descriptions here follow <xref target="research.rub"/>, where additional details of the attack are laid out.
Shared consent attacks require at least two downstream clients (one honest, one malicious) to be integrated with the same (honest) broker, and that broker to register itself as a client at the (honest) upstream AS.</t>
          <t>In the following, let <tt>H-Client</tt> and <tt>M-Client</tt> be downstream clients (honest and attacker-controlled, respectively) integrated with broker <tt>B</tt>.
As a non-normative example, the description assumes that <tt>B</tt> exposes a standards-compliant OAuth interface to its downstream clients.</t>
          <t>The broker <tt>B</tt> registers itself once at the AS and obtains a client identifier <tt>cid_B@AS</tt> together with a redirection URI bound to the broker.
The broker uses this registration whenever it issues an authorization request triggered from any of its downstream clients to the AS.
At <tt>B</tt>, <tt>H-Client</tt> is registered as <tt>cid_HC@B</tt> and <tt>M-Client</tt> is registered as <tt>cid_MC@B</tt>, each with its own redirection URI bound to the respective downstream client.
From the point of view of the AS, every flow that <tt>B</tt> initiates appears to come from the same client <tt>cid_B@AS</tt>, regardless of which downstream client actually triggered the flow.</t>
          <t>The broker acts invisibly to the user during the flow.
It renders no consent screen of its own and no other user-visible UI that would indicate that an additional entity is involved between the downstream client and the AS.</t>
          <t>The exact form of the authorization response (<tt>authz res</tt>) returned to a downstream client is out of scope for this attack.</t>
          <t>The flaw is illustrated in the following figure:</t>
          <artwork><![CDATA[
  User        H-Client      M-Client          B                      AS
    |============================ Phase 1 ============================|
    |             |    authz req: cid_HC@B    |                       |
    |             |-------------------------->|                       |
    |             |             |             |  authz req: cid_B@AS  |
    |             |             |             |---------------------->|
    |             |          consent: cid_B@AS|                       |
    |<--------------------------------------------------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |         authz res         |                       |
    |             |<--------------------------|                       |
    |============================ Phase 2 ============================|
    |             |           authz req: cid_MC@B                     |
    |             |             |------------>|                       |
    |             |             |             |  authz req: cid_B@AS  |
    |             |             |             |---------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |             |  authz res  |                       |
    |             |             |<------------|                       |
]]></artwork>
          <t>In the second phase of the figure, no consent prompt is rendered for <tt>M-Client</tt>.
The AS only sees the broker's client identifier <tt>cid_B@AS</tt>, for which the user has already granted consent in the first phase, so the AS silently issues a token to <tt>B</tt> (cf. <tt>prompt=none</tt>, as defined in Section 3.1.2.1 of <xref target="OpenID.Core"/>) and <tt>B</tt> returns an <tt>authz res</tt> to <tt>M-Client</tt>.</t>
        </section>
        <section anchor="SharedConsentCountermeasures">
          <name>Countermeasures</name>
          <t>The root cause of shared consent attacks is that the AS cannot tell on whose behalf the broker is acting and therefore cannot ask the user for consent on a per-downstream-client basis.
Brokers <bcp14>MUST</bcp14> employ at least one of the following two countermeasures.</t>
          <section anchor="SharedConsentRegistration">
            <name>Per-Client Registration at the Upstream Authorization Server</name>
            <t>Each downstream client <bcp14>MUST</bcp14> be registered as a separate client at the AS.
When initiating an authorization flow to the AS on behalf of a downstream client, the broker <bcp14>MUST</bcp14> use the registration of exactly that downstream client.</t>
            <t>The specific mechanism by which these per-client registrations are established is out of scope of this document.
In practice, they are commonly established as follows:
The broker provides each downstream client with a redirection URI that is hosted by the broker, and instructs the downstream client to register at every AS it expects to use, using the broker-provided redirection URI.
The downstream client performs this registration at each AS, obtaining a distinct client identifier (e.g., <tt>cid_HC@AS</tt> for <tt>H-Client</tt> and <tt>cid_MC@AS</tt> for <tt>M-Client</tt>) and any associated credentials (such as a client secret).
The downstream client then hands these credentials over to the broker, which gives the broker full control to act on behalf of the downstream client at the AS.</t>
            <t>This countermeasure ensures that the AS recognizes each downstream client as a distinct client, and that any consent prompt rendered by the AS is bound to a single downstream client.
Consent granted for one downstream client is therefore not reusable for another.</t>
            <artwork><![CDATA[
  User        H-Client      M-Client          B                      AS
    |             |             |             |                       |
    |             |    authz req: cid_HC@B    |                       |
    |             |-------------------------->|                       |
    |             |             |             | authz req: cid_HC@AS  |
    |             |             |             |---------------------->|
    |             |         consent: cid_HC@AS|                       |
    |<--------------------------------------------------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |         authz res         |                       |
    |             |<--------------------------|                       |
    |             |             |             |                       |
    |             |           authz req: cid_MC@B                     |
    |             |             |------------>|                       |
    |             |             |             | authz req: cid_MC@AS  |
    |             |             |             |---------------------->|
    |             |         consent: cid_MC@AS|                       |
    |<--------------------------------------------------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |             |  authz res  |                       |
    |             |             |<------------|                       |
]]></artwork>
          </section>
          <section anchor="SharedConsentBrokerConsent">
            <name>Broker-Side Consent Screen</name>
            <t>Unless consent for the downstream client has already been granted, the broker <bcp14>MUST</bcp14> present an explicit consent screen to the user that identifies the downstream client, before initiating its own authorization request to the AS on behalf of the downstream client.
The broker <bcp14>MUST NOT</bcp14> skip this consent screen based on a previously granted consent for a different downstream client.
The broker <bcp14>MAY</bcp14> remember the user's consent decision per downstream client (e.g., per <tt>client_id</tt> of the downstream client), but <bcp14>MUST NOT</bcp14> remember it across different downstream clients.</t>
            <t>This countermeasure prevents the broker from silently reusing a consent granted for one downstream client when initiating a request to the AS on behalf of another downstream client, even when the AS cannot distinguish between the broker's downstream clients.</t>
            <artwork><![CDATA[
  User        H-Client      M-Client          B                      AS
    |             |             |             |                       |
    |             |    authz req: cid_HC@B    |                       |
    |             |-------------------------->|                       |
    |            consent: cid_HC@B            |                       |
    |<--------------------------------------->|                       |
    |             |             |             |  authz req: cid_B@AS  |
    |             |             |             |---------------------->|
    |             |          consent: cid_B@AS|                       |
    |<--------------------------------------------------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |         authz res         |                       |
    |             |<--------------------------|                       |
    |             |             |             |                       |
    |             |           authz req: cid_MC@B                     |
    |             |             |------------>|                       |
    |            consent: cid_MC@B            |                       |
    |<--------------------------------------->|                       |
    |             |             |             |  authz req: cid_B@AS  |
    |             |             |             |---------------------->|
    |             |             |             |       authz res       |
    |             |             |             |<----------------------|
    |             |             |  authz res  |                       |
    |             |             |<------------|                       |
]]></artwork>
          </section>
          <section anchor="SharedConsentDiscussion">
            <name>Discussion of the Countermeasures</name>
            <t>The two countermeasures have different practical trade-offs.</t>
            <t>The Per-Client Registration countermeasure (<xref target="SharedConsentRegistration"/>) confronts the user with at most one consent screen per authorization flow, which improves the user experience.
However, it requires each downstream client to be registered at every AS the broker integrates with, which can be a substantial effort given that a single broker is typically integrated with many ASes.</t>
            <t>The Broker-Side Consent Screen countermeasure (<xref target="SharedConsentBrokerConsent"/>) spares downstream clients this registration effort, since the broker's single registration at each AS is reused for all downstream clients.
However, the user may be confronted with up to two consent screens in a single authorization flow: one rendered by the broker identifying the downstream client, and one rendered by the AS identifying the broker.</t>
            <t>Both countermeasures are implemented entirely on the client side (the downstream client and the broker) and require no software or protocol changes to any AS.</t>
          </section>
        </section>
      </section>
    </section>
    <section anchor="Security">
      <name>Security Considerations</name>
      <t>Security considerations are described in <xref target="AttacksMitigations"/>.</t>
    </section>
    <section anchor="IANA">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9700">
          <front>
            <title>Best Current Practice for OAuth 2.0 Security</title>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="A. Labunets" initials="A." surname="Labunets"/>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <date month="January" year="2025"/>
            <abstract>
              <t>This document describes best current security practice for OAuth 2.0. It updates and extends the threat model and security advice given in RFCs 6749, 6750, and 6819 to incorporate practical experiences gathered since OAuth 2.0 was published and covers new threats relevant due to the broader application of OAuth 2.0. Further, it deprecates some modes of operation that are deemed less secure or even insecure.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="240"/>
          <seriesInfo name="RFC" value="9700"/>
          <seriesInfo name="DOI" value="10.17487/RFC9700"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC7521">
          <front>
            <title>Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants</title>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="Y. Goland" initials="Y." surname="Goland"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint; general processing rules are also specified.</t>
              <t>The intent of this specification is to provide a common framework for OAuth 2.0 to interwork with other identity systems using assertions and to provide alternative client authentication mechanisms.</t>
              <t>Note that this specification only defines abstract message flows and processing rules. In order to be implementable, companion specifications are necessary to provide the corresponding concrete instantiations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7521"/>
          <seriesInfo name="DOI" value="10.17487/RFC7521"/>
        </reference>
        <reference anchor="RFC7523">
          <front>
            <title>JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for client authentication.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7523"/>
          <seriesInfo name="DOI" value="10.17487/RFC7523"/>
        </reference>
        <reference anchor="RFC8414">
          <front>
            <title>OAuth 2.0 Authorization Server Metadata</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <date month="June" year="2018"/>
            <abstract>
              <t>This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8414"/>
          <seriesInfo name="DOI" value="10.17487/RFC8414"/>
        </reference>
        <reference anchor="RFC8252">
          <front>
            <title>OAuth 2.0 for Native Apps</title>
            <author fullname="W. Denniss" initials="W." surname="Denniss"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <date month="October" year="2017"/>
            <abstract>
              <t>OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case and how native apps and authorization servers can implement this best practice.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="212"/>
          <seriesInfo name="RFC" value="8252"/>
          <seriesInfo name="DOI" value="10.17487/RFC8252"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="OAUTH-7523bis">
          <front>
            <title>Updates to OAuth 2.0 JSON Web Token (JWT) Client Authentication and Assertion-Based Authorization Grants</title>
            <author fullname="Michael B. Jones" initials="M. B." surname="Jones">
              <organization>Self-Issued Consulting</organization>
            </author>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <author fullname="Chuck Mortimore" initials="C." surname="Mortimore">
              <organization>Disney</organization>
            </author>
            <author fullname="Filip Skokan" initials="F." surname="Skokan">
              <organization>Okta</organization>
            </author>
            <date day="12" month="January" year="2026"/>
            <abstract>
              <t>   This specification updates the requirements for audience values in
   OAuth 2.0 Client Assertion Authentication and Assertion-based
   Authorization Grants to address a security vulnerability identified
   in the previous requirements for those audience values in multiple
   OAuth 2.0 specifications.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-rfc7523bis-05"/>
        </reference>
        <reference anchor="CDFS">
          <front>
            <title>Cross-Device Flows: Security Best Current Practice</title>
            <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
              <organization>Defakto</organization>
            </author>
            <author fullname="Daniel Fett" initials="D." surname="Fett">
              <organization>Authlete</organization>
            </author>
            <author fullname="Filip Skokan" initials="F." surname="Skokan">
              <organization>Okta</organization>
            </author>
            <date day="23" month="January" year="2026"/>
            <abstract>
              <t>   This document describes threats against cross-device flows along with
   practical mitigations, protocol selection guidance, and a summary of
   formal analysis results identified as relevant to the security of
   cross-device flows.  It serves as a security guide to system
   designers, architects, product managers, security specialists, fraud
   analysts and engineers implementing cross-device flows.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-cross-device-security-15"/>
        </reference>
        <reference anchor="OpenID.Core" target="https://openid.net/specs/openid-connect-core-1_0.html">
          <front>
            <title>OpenID Connect Core 1.0 incorporating errata set 2</title>
            <author initials="N." surname="Sakimura" fullname="Nat Sakimura">
              <organization/>
            </author>
            <author initials="J." surname="Bradley" fullname="John Bradley">
              <organization/>
            </author>
            <author initials="M." surname="Jones" fullname="Michael B. Jones">
              <organization/>
            </author>
            <author initials="B." surname="de Medeiros" fullname="Breno de Medeiros">
              <organization/>
            </author>
            <author initials="C." surname="Mortimore" fullname="Chuck Mortimore">
              <organization/>
            </author>
            <date year="2023" month="December"/>
          </front>
        </reference>
        <reference anchor="OpenID.Discovery" target="https://openid.net/specs/openid-connect-discovery-1_0.html">
          <front>
            <title>OpenID Connect Discovery 1.0 incorporating errata set 2</title>
            <author initials="N." surname="Sakimura" fullname="Nat Sakimura">
              <organization/>
            </author>
            <author initials="J." surname="Bradley" fullname="John Bradley">
              <organization/>
            </author>
            <author initials="M." surname="Jones" fullname="Michael B. Jones">
              <organization/>
            </author>
            <author initials="E." surname="Jay" fullname="Edmund Jay">
              <organization/>
            </author>
            <date year="2023" month="December"/>
          </front>
        </reference>
        <reference anchor="OpenID.CIBA" target="https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html">
          <front>
            <title>OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0</title>
            <author initials="G." surname="Fernandez" fullname="Gonzalo Fernandez Rodriguez">
              <organization/>
            </author>
            <author initials="F." surname="Walter" fullname="Florian Walter">
              <organization/>
            </author>
            <author initials="A." surname="Nennker" fullname="Axel Nennker">
              <organization/>
            </author>
            <author initials="D." surname="Tonge" fullname="Dave Tonge">
              <organization/>
            </author>
            <author initials="B." surname="Campbell" fullname="Brian Campbell">
              <organization/>
            </author>
            <date year="2021" month="September"/>
          </front>
        </reference>
        <reference anchor="OpenID.Federation" target="https://openid.net/specs/openid-federation-1_0-final.html">
          <front>
            <title>OpenID Federation 1.0</title>
            <author initials="R." surname="Hedberg" fullname="Roland Hedberg">
              <organization/>
            </author>
            <author initials="M." surname="Jones" fullname="Michael B. Jones">
              <organization/>
            </author>
            <author initials="A." surname="Solberg" fullname="Andreas Åkre Solberg">
              <organization/>
            </author>
            <author initials="J." surname="Bradley" fullname="John Bradley">
              <organization/>
            </author>
            <author initials="G." surname="De Marco" fullname="Giuseppe De Marco">
              <organization/>
            </author>
            <author initials="V." surname="Dzhuvinov" fullname="Vladimir Dzhuvinov">
              <organization/>
            </author>
            <date year="2026" month="February"/>
          </front>
        </reference>
        <reference anchor="research.ust" target="https://eprint.iacr.org/2025/629">
          <front>
            <title>Audience Injection Attacks: A New Class of Attacks on Web-Based Authorization and Authentication Standards</title>
            <author initials="P." surname="Hosseyni" fullname="Pedram Hosseyni">
              <organization/>
            </author>
            <author initials="R." surname="Küsters" fullname="Ralf Küsters">
              <organization/>
            </author>
            <author initials="T." surname="Würtele" fullname="Tim Würtele">
              <organization/>
            </author>
            <date year="2025" month="April"/>
          </front>
        </reference>
        <reference anchor="research.cuhk" target="https://www.usenix.org/system/files/usenixsecurity25-luo-kaixuan.pdf">
          <front>
            <title>Universal Cross-app Attacks: Exploiting and Securing OAuth 2.0 in Integration Platforms</title>
            <author initials="K." surname="Luo" fullname="Kaixuan Luo">
              <organization/>
            </author>
            <author initials="X." surname="Wang" fullname="Xianbo Wang">
              <organization/>
            </author>
            <author initials="P. H. A." surname="Fung" fullname="Pui Ho Adonis Fung">
              <organization/>
            </author>
            <author initials="W. C." surname="Lau" fullname="Wing Cheong Lau">
              <organization/>
            </author>
            <author initials="J." surname="Lecomte" fullname="Julien Lecomte">
              <organization/>
            </author>
            <date year="2025" month="August"/>
          </front>
          <refcontent>34th USENIX Security Symposium (USENIX Security 25)</refcontent>
        </reference>
        <reference anchor="research.cuhk2" target="https://doi.ieeecomputersociety.org/10.1109/SP63933.2026.00128">
          <front>
            <title>Demystifying the (In)Security of OAuth-based Account Linking in Connector Ecosystems</title>
            <author initials="K." surname="Luo" fullname="Kaixuan Luo">
              <organization/>
            </author>
            <author initials="X." surname="Wang" fullname="Xianbo Wang">
              <organization/>
            </author>
            <author initials="P. H. A." surname="Fung" fullname="Pui Ho Adonis Fung">
              <organization/>
            </author>
            <author initials="W. C." surname="Lau" fullname="Wing Cheong Lau">
              <organization/>
            </author>
            <date year="2026" month="May"/>
          </front>
          <refcontent>2026 IEEE Symposium on Security and Privacy (SP)</refcontent>
        </reference>
        <reference anchor="research.rub" target="https://ieeexplore.ieee.org/document/11023371">
          <front>
            <title>"Only as Strong as the Weakest Link": On the Security of Brokered Single Sign-On on the Web</title>
            <author initials="T." surname="Innocenti" fullname="Tommaso Innocenti">
              <organization/>
            </author>
            <author initials="L." surname="Jannett" fullname="Louis Jannett">
              <organization/>
            </author>
            <author initials="C." surname="Mainka" fullname="Christian Mainka">
              <organization/>
            </author>
            <author initials="V." surname="Mladenov" fullname="Vladislav Mladenov">
              <organization/>
            </author>
            <author initials="E." surname="Kirda" fullname="Engin Kirda">
              <organization/>
            </author>
            <date year="2025" month="May"/>
          </front>
        </reference>
        <reference anchor="arXiv.1601.01229" target="https://arxiv.org/abs/1601.01229/">
          <front>
            <title>A Comprehensive Formal Security Analysis of OAuth 2.0</title>
            <author initials="D." surname="Fett" fullname="Daniel Fett">
              <organization/>
            </author>
            <author initials="R." surname="Küsters" fullname="Ralf Küsters">
              <organization/>
            </author>
            <author initials="G." surname="Schmitz" fullname="Guido Schmitz">
              <organization/>
            </author>
            <date year="2016" month="January"/>
          </front>
          <refcontent>arXiv:1601.01229</refcontent>
        </reference>
        <reference anchor="research.jcs_14" target="https://www.doc.ic.ac.uk/~maffeis/papers/jcs14.pdf">
          <front>
            <title>Discovering concrete attacks on website authorization by formal analysis</title>
            <author initials="C." surname="Bansal" fullname="Chetan Bansal">
              <organization/>
            </author>
            <author initials="K." surname="Bhargavan" fullname="Karthikeyan Bhargavan">
              <organization/>
            </author>
            <author initials="A." surname="Delignat-Lavaud" fullname="Antoine Delignat-Lavaud">
              <organization/>
            </author>
            <author initials="S." surname="Maffeis" fullname="Sergio Maffeis">
              <organization/>
            </author>
            <date year="2014" month="April"/>
          </front>
          <refcontent>Journal of Computer Security, vol. 22, no. 4, pp. 601-657</refcontent>
        </reference>
        <reference anchor="arXiv.1704.08539" target="https://arxiv.org/abs/1704.08539/">
          <front>
            <title>The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines</title>
            <author initials="D." surname="Fett" fullname="Daniel Fett">
              <organization/>
            </author>
            <author initials="R." surname="Küsters" fullname="Ralf Küsters">
              <organization/>
            </author>
            <author initials="G." surname="Schmitz" fullname="Guido Schmitz">
              <organization/>
            </author>
            <date year="2017" month="April"/>
          </front>
          <refcontent>arXiv:1704.08539</refcontent>
        </reference>
        <reference anchor="arXiv.1508.04324v2" target="https://arxiv.org/abs/1508.04324v2/">
          <front>
            <title>On the security of modern Single Sign-On Protocols: Second-Order Vulnerabilities in OpenID Connect</title>
            <author initials="V." surname="Mladenov" fullname="Vladislav Mladenov">
              <organization/>
            </author>
            <author initials="C." surname="Mainka" fullname="Christian Mainka">
              <organization/>
            </author>
            <author initials="J." surname="Schwenk" fullname="Jörg Schwenk">
              <organization/>
            </author>
            <date year="2016" month="January"/>
          </front>
          <refcontent>arXiv:1508.04324v2</refcontent>
        </reference>
        <reference anchor="RFC9449">
          <front>
            <title>OAuth 2.0 Demonstrating Proof of Possession (DPoP)</title>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Waite" initials="D." surname="Waite"/>
            <date month="September" year="2023"/>
            <abstract>
              <t>This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9449"/>
          <seriesInfo name="DOI" value="10.17487/RFC9449"/>
        </reference>
        <reference anchor="RFC9126">
          <front>
            <title>OAuth 2.0 Pushed Authorization Requests</title>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="D. Tonge" initials="D." surname="Tonge"/>
            <author fullname="F. Skokan" initials="F." surname="Skokan"/>
            <date month="September" year="2021"/>
            <abstract>
              <t>This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9126"/>
          <seriesInfo name="DOI" value="10.17487/RFC9126"/>
        </reference>
        <reference anchor="RFC7009">
          <front>
            <title>OAuth 2.0 Token Revocation</title>
            <author fullname="T. Lodderstedt" initials="T." role="editor" surname="Lodderstedt"/>
            <author fullname="S. Dronia" initials="S." surname="Dronia"/>
            <author fullname="M. Scurtescu" initials="M." surname="Scurtescu"/>
            <date month="August" year="2013"/>
            <abstract>
              <t>This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7009"/>
          <seriesInfo name="DOI" value="10.17487/RFC7009"/>
        </reference>
        <reference anchor="RFC8628">
          <front>
            <title>OAuth 2.0 Device Authorization Grant</title>
            <author fullname="W. Denniss" initials="W." surname="Denniss"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2019"/>
            <abstract>
              <t>The OAuth 2.0 device authorization grant is designed for Internet- connected devices that either lack a browser to perform a user-agent- based authorization or are input constrained to the extent that requiring the user to input text in order to authenticate during the authorization flow is impractical. It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources by using a user agent on a separate device.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8628"/>
          <seriesInfo name="DOI" value="10.17487/RFC8628"/>
        </reference>
        <reference anchor="RFC7522">
          <front>
            <title>Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants</title>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>This specification defines the use of a Security Assertion Markup Language (SAML) 2.0 Bearer Assertion as a means for requesting an OAuth 2.0 access token as well as for client authentication.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7522"/>
          <seriesInfo name="DOI" value="10.17487/RFC7522"/>
        </reference>
        <reference anchor="RFC7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="RFC9207">
          <front>
            <title>OAuth 2.0 Authorization Server Issuer Identification</title>
            <author fullname="K. Meyer zu Selhausen" initials="K." surname="Meyer zu Selhausen"/>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <date month="March" year="2022"/>
            <abstract>
              <t>This document specifies a new parameter called iss. This parameter is used to explicitly include the issuer identifier of the authorization server in the authorization response of an OAuth authorization flow. The iss parameter serves as an effective countermeasure to "mix-up attacks".</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9207"/>
          <seriesInfo name="DOI" value="10.17487/RFC9207"/>
        </reference>
        <reference anchor="RFC7636">
          <front>
            <title>Proof Key for Code Exchange by OAuth Public Clients</title>
            <author fullname="N. Sakimura" initials="N." role="editor" surname="Sakimura"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Agarwal" initials="N." surname="Agarwal"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7636"/>
          <seriesInfo name="DOI" value="10.17487/RFC7636"/>
        </reference>
      </references>
    </references>
    <?line 849?>

<section numbered="false" anchor="Acknowledgements">
      <name>Acknowledgments</name>
      <t>We would like to thank
<cref anchor="acksAddNames" source="Tim W.">TODO add names, sort by last name.</cref>
Daniel Fett,
Louis Jannett,
Wing Cheong Lau,
Julien Lecomte,
Aaron Parecki,
Guido Schmitz, and
Xianbo Wang</t>
      <t>for their valuable feedback and contributions to this document.</t>
    </section>
    <section numbered="false" anchor="document-history">
      <name>Document History</name>
      <t>[[ To be removed from the final specification ]]</t>
      <t>-03</t>
      <ul spacing="normal">
        <li>
          <t>Note that issuing distinct redirection URIs alone does not prevent the COAT attack</t>
        </li>
        <li>
          <t>Add comparison of the COAT countermeasure with issuer-based mix-up countermeasures</t>
        </li>
        <li>
          <t>Remove a COAT variant mention already covered by Shared Consent in Brokered OAuth</t>
        </li>
        <li>
          <t>Clarify the native app backend scenario in Session Fixation and label it as the BFF pattern</t>
        </li>
        <li>
          <t>Reduce non-standard terminology and unify terms used in the Session Fixation section</t>
        </li>
        <li>
          <t>Add sequence diagram to illustrate Session Fixation attack flow</t>
        </li>
        <li>
          <t>Editorial clarifications and fixes to COAT and Session Fixation section wording</t>
        </li>
      </ul>
      <t>-02</t>
      <ul spacing="normal">
        <li>
          <t>Simplify core attack description for Audience Injection attacks by moving "why token EP" discussion to a new section</t>
        </li>
        <li>
          <t>Include concrete examples for how an attacker may misuse client assertions obtained via Audience Injection attacks</t>
        </li>
        <li>
          <t>Add implementation considerations for Audience Injection countermeasures, including recommendations for how to deal with ASs that only accept their token endpoint as audience value</t>
        </li>
        <li>
          <t>Add new section on Shared Consent in Brokered OAuth, describing the attack, its preconditions, and countermeasures</t>
        </li>
      </ul>
      <t>-01</t>
      <ul spacing="normal">
        <li>
          <t>Clarify that shared redirection URI is not a precondition of COAT</t>
        </li>
        <li>
          <t>Clarify that COAT countermeasure uniquely identifies each configured AS instance</t>
        </li>
        <li>
          <t>Clarify Session Fixation countermeasures and relationship to CSRF and PKCE</t>
        </li>
        <li>
          <t>Use terminology that is less ambiguous and better aligned with standard OAuth language</t>
        </li>
        <li>
          <t>Editorial clarifications and fixes, and reference updates</t>
        </li>
      </ul>
      <t>-00</t>
      <ul spacing="normal">
        <li>
          <t>WG adoption, no changes from previous individual draft</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+192XYcx5Xge35FDHS6BXCqigC4iRjLdhEERUjcmgBFu9Vq
MasyCpVCVmZ1LgAhNv02/zF/MG/z1E/jH5u7xZZLAaR62u0+5vGxULlERty4
+xbj8Tiq0zrTB2rrzTqJa12pulAvp029VPuTXXWi502Z1lfqka5qddiUpc5r
9aqM53U611tRPJuV+uL6tw9fbUVzeOCsKK8O1Gy+jipdprrKiwO1f3c3Sop5
Hq9gGkkZL+pxquvFuIhhnHElY4zrYp3Oq3FDHxrv3on4r+pA3X9w9+EI/v/e
7kg9uLe/R/+/T/9/Z6QePtjdjaKqma3SqkqLvL5aw3eOj06fROm6PFB12VT1
/u7uw939KG9WM10eRDjwQTQv8krnVVPRQzqCdd6J4lLHsF6ztK3osijPz8qi
WcPVt3qmcPVFmf4S1/AxAFVRF/Mi24rO9RU8mhxEaqzMovBvWuY+/jVDGM8F
xmuBcXSh8wYmo9RNPqIUL2/rLcwqzc/UN/gSXl/FaQbX6Wu/R/hOivIMb8Tl
fAk3lnW9rg5u38bn8FJ6oSfmsdt44fasLC4rfZtGuI1vnqX1spkhMI4O63R1
m/fustFlrTO9cf/w9Qx3r/Y+zcNMeNhJWnzKgLdviDiTZb0COEUxARA3A2ai
1KLJMkbArdN0pd7++d/ok1t0EyAQ5wLrA/UmB9CUFaJ1sVAndVPXZ3FZ05Oa
oYyrMLP+Pcxj0uTpuDJPThJND8+LJq+RHL7R5SrOr3rm8krDslbqaVFV+ipP
P3M6axplspRRftWMvovT902cq2dN0Teb06VWh8s015VuzexpAdj4HfwfvWX4
xuGbp9/5Uz3n4QFBJ/NmeT7RSTNZntMTpT6jT4QD2SnjV+OeCU+TIk8r9aTJ
z/omfBKvKrilXsOMEcvVdAWMaR77k4ppiMkCnvt9xc9P5sUq/P6bk2kU5QXA
rYZlH0RRmi/cLwVc8c3p0zGypFkKDOV4/HjSQdlyMZcHxrv34J3Dx09OBh6d
l7Cb40RfAItwqL6Hb71c6/z48eSwKOnDAGyD6/BvrNIcPv9iAis/T1dNyStV
isH1Iq7DG/L8txP1qIyTTF8Fj39bLPPghjz+fAK3AAmCh5+n82WsM/XIvykv
wLVEq+c60SksLHjtEbDDonNX3jucqOdFCfQGiw3eOlw28/PWPeLq6rGea+Ty
an93/w5dr+PyTAMjMnyoAACmySTX9e1qreeVXBiDPMj1vIb/lnq899Mu8RIe
gWUoQ14d8nMKd0DtgRxMc3hlXZSADIBquoQ/YpABtdp32/U4reYF0MvVX82e
HcG1OBz7KFk1eWIv/3sBPDGwuQnULSBvDPrD40fTQah/M1FPdJnHeaJ/Cdb6
TZH/EmeFu6teF0mZnjXynLz/ZKLexlmty+DlJxlIb2Cj3i15fjpRL3Sen7de
mL6HXfBvyOOPJ+oUeGGI/I/jC+1ddjR2GK/WM51lLQLDmQS3eONO9Lq2O7f3
aTuXpaDEjNM8rVMYKxnP4vk5oBJsUTZGKMNd4LLIg29OTjzmsRlTPXJjkkLk
xkT4XsK6DQW6vX4CTKRk3j+0468n6qlOYNlnAZheFxlsc3DrcykH9vikyDpf
mOYJKJeV+vP/PIdp+098HkUD6j4GtglirQgxN20qvV7r8K689D289MuyuUjz
4iJ46/ssTtJVWrZuM6o80bOyiYHmAFPufxKmLOyGIA6MFyDFsyFMcJsnm1qK
1J6ACj+4n68mVoEKFtRSrloo8N2f/60C0gw39XWcLcI78sLpxOqMwQu+MumB
a7ou0wxhda8XVhpu5/Ukjeclqd/44O37+w99kGxNmwToYa7Vcf4zkAcCZVrX
QBKIYMAqLoFg4qpC3UuuK3gEjIfxo7gC6glNCETtFg2d1HAxLpNqy4c0qmWD
oP5ugophAAFPYfSf/AOyxTzE/z8AH5oV7rq3fxOkGdThwh1sUtg+5al4/ntv
J6gePIub4J23KAcOlxq1SHPPkdczDYpdHe7htw0ynuCW7GJzBng3vI2Xl5eA
mIDl72kXqytAm9XtRZrp6jZfN4rb/r1x1hRj0X4n62QhKu8CRGANewL7fecu
WNVvTo5eHP/BGdYnV6t1UaXNSm23b+3f29kKEEb08ThTh6Q8xuu1w5ij9+us
SElIIirwKPDDGfNpDpgGFrwQ4Csw31DB7WLH/n819ODdfh5v4G5JkYK1rBFF
1g0yh2IOyvoV7fve7mRvb/fh7ZNX9+88vHNngoNMdnf39r/qbjLeU8dHR0fe
ziIpmk3FvXlVphfx/Eptn7ySHWZfyjEYHAeymLHRBF4eyxWlLuKsgUvXTMdg
y2O9AnxNF1cIEOALavs437HzAKZCmAFynXjJnOwg9SzNyesAuCJSuyjV0bxg
1A9RpWxmg4gC7PQ4z4s5cqOQnxarVVwVrbvy1jNUSOGrdR2886xoYPv9O57x
EMOMQ3X6cFmmsHDASe+mE47PQQzqXtlYZfFFeNspyt+lZRJ+5ig/Ayi56wGS
9fMTRDAk01ITrhFyJcW8WQEgbsOe7t+582Av2MR/2nqZZ4A1FTDzElEa/sK9
fKvjc3Q24X790xbI15wu+9v7qCxA1YS9PYENzeBeepaP4bkilxFm7Dz6Q3ox
2bu/C/J4b3//YXdHfU31idsap6rmKWhJ3p1BETwshH2N52S+XKX1L613vmnS
pAjuMbwBK0Rt2esn7Lh8DwskH9isuu0WertLuwSLA/fIzWlz7NHm3a/u3du9
3YZrKPmBuFbrUoOwroClqyfoZ8jc7k1Bhbqq0spSKfLvgPZ+nlc/7d3dsFlA
Go/iHGRFC47AGUErCO855v5oCdCLL+K89dZ3cVkv03N9ha+2nnEq8WOdAY7F
9fgZ3G6S1hjTvC7SXA88JaOcIEUvFjpt48wJaNJpEdwMNbG9u4MiHEhsks4n
8XzSnN/+04qHuL2O14B+twGSe3f7Bfa3RQOWYYa7cChiwe7RSF0U2UShlzov
JuruSK3XEwXbPb5/78HnIc4dIP/b3x6ejPfu7t7bvRMyc7GJkTfDBOelrrWK
nVZ4qWdVipcCnXB2pRaMWrFglEfyD3bvTna/unfnr47k7Y4/uAnB22UOE7x9
5Lp9o+c74ti+HuzYKfNYdXLy0iriLYP4AKTg+DHY6MthDuB0ObiKEAHqAWPU
28d7u19Ndu/e2b970aO3bRB814i+QSG7Ucz6qjjs3KXOz1uvffvn/1OeBfc+
j5F7yx7eWe+hz9tbb4Bgd0XeVp68XRVg2+ZtaWsiO8jbQLnMk/HLEp5T3zdZ
DqbwLM1AZ9cVKlwhcmxF0Xg8VrDWGgNJUXS6BHQw2oJqTLiOZlHjBILok52Z
CUNVyAoiZw0Ab9DvAVqJUQ/tG3GCPml1BpIpx3m9fnIoETr4K+IoHaIlXsfY
3AhjhsSdVA5Ga70sdVzjzOJaLdGRNdMwkHEB6iSqUrR68ZvIneA1s6rKe37d
zLK0WupkEjEkVmmSgA0efYFWTFkkDZvMH77wf36MohM7Og0htjDAhz6YlgCk
ofCoCYtWkYXzhw//DdaJy/z4cRSuzw+UaqsiuyVEQKyg4C5SWIMKdw+mAuiK
vi1AyAvYmxgpnTekctONgJWfoT8lmAYBP6UJzDSgfZzgLgFu/dzkDJPLFKaV
1gC5ZyC0w5dn9F3Ys2BC67K4gOkCHoLRUgK7chgUlWgUwVMJQZJZUlrjDF4f
Hb58/vzoxeOjx7zd8HamcUDg8oCiYGomtBVpGdlb3ige1AAAVYFuDMBTHVfp
LNMw/S++QL0XtrYpNVIALncF3AYpiEDkrwH1JQ4NgdKL4xRZVlwy4RFY9vGR
WCWgAYEJn1ihaJDD7CwtMJguvFg1WnB6Djs1Q9xFT3nKjOAyzRK1Hdc8TrrS
OOZlSfb4joozVN1pV2IihKYyu7wukGOlsMVkgGmgh7iC1VaI9rB84AYX+IAB
2Sk8keZFVpxdMUBAKVMYlq7U1vM3J6dbI/6vevGS/n599A9vjl8fPca/T55O
nz2zf0TyxMnTl2+ePXZ/uTft5uJPuKqCS9HW8+kft5gVbL18dXr88sX02RYD
xN+WGLCcUTXF9a1RdcH9iQDd5mU60wTER4ev/u//2rsruLq/t/cQcJV/fLX3
4C78uARtmb9WoEnEPwHcV1G8XoNWjKPEGcAxXqd1nFUjwqllcZkrpDaA560f
EDI/HqjfzObrvbu/lQu44OCigVlwkWDWvdJ5mYHYc6nnMxaawfUWpMP5Tv8Y
/DZw9y7+5neoIajx3le/+20kYgMdtsCIhBc2lQgORDfAm3gOLA/5ybnOcasD
JTICwl+D4l537igg777LxNJKvM5BBEQV/ktZjlhuqW25dvx4Bx4FBlQDmQIy
AO6D3j3XOAAwSfi5jOzUzE0F28rfsFfsZwkh6Q1l5w7ItgCoJCj2HNdm/ELZ
9vEj4McP/1w76pJ0gx8/HCj+wNecWDDZ+jjwJBr/wG2RehHh+SoTA0gyENEi
l1iR0PNlDhuSIZ9l8p5pjHkguaATKkMyQRZonb+4rufAUc6Eg374Qu54Fz+a
DReWh0I84HlMdGsjE1GgeWYEg6bFqkc+/xrmV8E8V9484wxl1JUS8Y90Gooz
WHFe1AQkuI3EOgJROAfFGKkc4ZHFpUVf5PI0745cgidXIHBYbgx71xFwctPe
A7i9BYYCpIHqUEUGKqxKvGOCqWHYS600YD3w3aqZL5GfvVujX6/WPwFL/unn
y/odMiCDd7RoL7AP64Zl4Ifg5rdvTyvmiN7DCCFMhhKBby/cQUUkhpWCbpMW
TRXafBGTAdy+QpYbgxxFZCxmsP8cJADqh9d5SV9WrUVFYFkmvMGwBzm8Lurh
CkcBxEDPaI54bYaA65cYY4CxC1RroiUGy2rVxxNoZwxCq8cOFVmUebhZERqI
CIe1+3EiXD/jRZwkKT4N2MgIXkUiyhmnCSWyOAWR0dQT5XAitThhkL/U/9Kk
pVtWhMtF/AaNUCQ3YCjgOiz4suhdHRAKLJ0E/zIFlEiryG4Sc6W68MHNYhGA
ZjSDFtpFvfgmKEoaOxguJP/XcVrC8k6XBmLwRORTuuX47wAvxzMApS7fDaD1
oixWUYhtlUYlskM0yCxePGcqACwFvVIRCij0sCAvjzYSDsz4SVPiCyvRSLWZ
Uq51IgpuBKoVI2ELeLAfsePw8mVQ0FghC/k/PBw5tMAZ9uyf2h5Y55GMAovc
YRT+ggPTgsgntV5XUXSci00jOzACfKnV0/H0hCgR1JBhyiD0gMejqXvcTBaz
KMDCyUhl7aeqKainK83qKa2zDz2NSRXOUr15fcy2IenpLcAB4uK26vcxygR1
kQLj0RiyT6uV5XwDHAgoMsFkjQ8ffoda3N29u8z0xM51aR6WMdpLKI4Rm+G7
QH6+HWe/jro8So1SZ/oC9JART6RN4JEhcGQFoBUWIMEqMi9Q3jG6VUyAK/RA
ZBkKqnyRnjWlkGBnr8zKAPBHIKZKkFNINLTVX9q7B1H0pz/9Sf0cX8RMiNEW
WRHllpcxySiByWioJRHsf7JKS+9zt0UXiiaTCX6gNYfpp8/B4Nmvm8WpMWlH
6npKA4GerojAURrh8zx0L7y/rFpIOVEvitrHdvlW/24lhWZMETJijcyNderE
BXKXiJWKORvlxoaMor2J5K9QHiP5MZEF4Z4zcz/TaDpWItKteARMfzdPk3eT
aL9/hOnACJbD24FQceSxWgBwnxKiwAwp9BGr7Q8frPU72QfZhGM4pRfZ2Yvi
kuRpri+Igdrh5mgNk/Zo2HgFIGUZUZRtxQH2kldCO2KfxBRsWCvZ2LH69uTl
C/KKntKGboPisyOeg0qUoQg0dG8SCBfcONBeUIiuUBElVl+NWnyMccpgPGgp
hOuIvgAyxOuqmXm/gFVsRG3G6scNSWn8klO4EGcxIZZIrSVoQMliEtzIE3nu
72AO73jedo39o6JkAplMUDt6FVcgonDzlHqt52jzEghJlSD5QWlO+IdBNEYn
I46J27XQUxSUFkZZvSFQNaLu9ivz/V7JAxN9iiQlXifRsBySkFvmAuCbtId1
6ijhnI8YTHuAwC+Nv8/yHNZ2YdEsoDr4O0L/FbpxPIU28sY2Ki19QLHvjpRh
gMaqyeoUZaEIFtRinIQchWoGauFG9faM7IoEaewRmiyyYpt6Ek1ZmbaCN63C
FUpeHmV74C43YCG1YD8vEh3RcEZbhq8CK1jhrpb8ocpNy+PCLRCPolkjjNZb
AyIn+vgYm4LJbTsHr72GCd1XkQfvyt9M4zSag9478jWMDP2Xj18Vr0SLeHgX
2VYEe4dsTpwGKj5D0vGFATI2US4Nc6/msIVlWrCB2jUdSEMwTu+obXIYvY8Z
15HVKyvD06cWm62V8eGLgGDZyBHm0aOjosXB/pGrQSWOlJyojc9feprPtsYV
ILG0nxL3pTG3K7FyujPZUYTvYOCX8ZlORqi0WesnRn7LjhSqMKhMktkIU3Wz
huIJHz5Y43Vkf+z7P+7YHw/39u/Dj6hlHo88e/n40ZSMXtw34Hb2kxjzAczO
58YiOp6+mEbM9EqKfYpHo7VrrTw5MWFYql1g+QxQ+jW2i6CDNQ2AE6MBSclH
ghDhiz1OB2dXoAavVuznReVhBlqwr0eRbxu9nlZ5TRce/fiWIpdwfYplRDJj
wn6jFN1Q8xiRNPgCYgva+PI2WsvIKKzQT1GqwNbAi9G0T4LFlYvoIO5YObVk
wYDju+lF3gdYw0onetLSLIUJCH/1RYPBeLKMnO+L3CptT0IIZFL9y5VOxGVt
4B2F0AjhTRyQRE2X5ESeOrPcWlaU1wlrA41lrF41BJgwpfPIF/+GARK17MAr
jNOv9UUxH378we7uQ34ciWhTwnX77YD2cIDHVKpygyl+dX//K3wl8pVU6wRd
GJlWGWVVv18CwmGZzcSoCcBYrB8G31+lZ8u6x/y/uiGWR+KC1/Dh4qrtumQ/
nQtGRD0+gMPwFScQpuLrGCB7w1t6yD9wn7BwIDXLt1gtvRvtp+tk7LIAz1k0
7H4ke/lSA83GVYTSM85JoyAH62LAN+Qhths58n2VvhSgjLTp82f9rxkMJcHg
xDX7gtAZtkpJqbG0GcAicGSFurbRbFofc3bQHi4w8KZmMw0crMG4YuRpBjG6
VcQfKQgesg+aiugP4hpSLUzp2/k2MgGbAh2oRvZDix92U2rO8mWegr4RJI8R
m/5Ow/8SgUVEsQCdT1+OyJ10E9OaVPFoVVQ1CJtiHQMX5lwI4tXWlG7yFO7A
I1ZhaX9ALB72ShrHgOfU6tduUF9mewhp+83rYzASCDDhLD0kC/xToyEvW2SX
y+4PLxDleA5wKMmwjDv2D0slX5rRgmWfGEJoQwcEw07Laz0UGzfcZwIT38my
4R30nhr5VaI6WLPMdQgCqHoori+2vgNPN5Igc1L0Zw+5KwOlQ2TgJ8VNMPYa
CUcWx3nLog/JZARol6H9cY2XT2JPvGYWCzAEug+Mv5Jd6BRaJKN2BU+XYH6R
Yavjeb8ZC7h83E17KBDGC/acROGMA6HS51hu8YHpCWMnsUMUB2055cbjWOEK
9eCaLS2xKypOPzIgihg1t2HRxRrwiBHD2bDyGOUfIUaXZXy1Y0xepwxGjn3e
nexN7uCXmHlTnJ5sAiaUUs81VimQvwf2RT4whunXZUqC8tu3p6SizinChy/h
FTJbRMsyg7gMGlGySAf2cIVWR5PnrZUVwAJsFlDUBmKpaYzQzcFlE4Bg8WqW
njUcVvOpmwz7UrPOIgSf5p6w88QGMiC1TYR1WTRZ4hFkFHyBBbCNKYSq1QlT
2jEzrGPLsG4gUCwiOTKnRAfjbB0QBR3e6MnQyMYk2ZF/u89pb7LTq8LDLQus
jtlaGYeoTK/UgCKAByRryB1kA+gig1pJIw4r7zBOevNz+Ip3ov4YQ/SkrUr0
aPBOj5hdhfYrTi0KIhIUYWjNMSgcp686xXirA/MtjnxaUSvMpbAJG+adrWhI
w7k7uYvA8PLWyIHDQ3Q+2I06S6iGo849YFPHuVrHAJ45up3IhIq6uCPa/c9Y
YbWFlCmZjP4zotWiz32W5kGmXoijTvJSGDXI7eBMKTTGKVp0SnmjzjIBLeIG
JMNvHb0aIhmORGl/UAAoB3p7HOSAFxVfkZyxrsemh0gmkr3REiOScNYg9zau
1250j76TFAj0iGL8m0JX4U73BOWGCIYhfRxmxx2ik99UdlawCJPckl1JWHdQ
kN3I2nKCkRSP61+wu/lRIEI5LVekVdoWDxHS7Zm2zs8+gB2ojZIvkrSBathh
h8kXVMLD4i62eU8WF3ZI/rHo6w9hkavaaNqgDutswfJw27rlnFCMNG8NisUd
I16/bMszG4vyON2a0miZz1kno00GQiHnvlJ1N3WltVj6mOecigPmaXGpScmt
ihWSEeaMo7jsW2c7R9QDXG902sibjqjpsvFR5ER1f/jCc8xsciVMLH8wSnNq
cqNYB+klTuIlrOtG1DEgJxTsJlGp48AVbgLU4r8gJY/2ILpGVQYYJBgCjEm1
KUrJmF0bjyk2OFFqb6LewJAJbcq8o6n7ujEvcVg5htH2J8B1Of3NKaRsKlpH
v+X9GHrAKlby6PYDbTsPHUjsBUJqxvRbyRIm5Y9QyyYTt2xCTo7OtZcb3S1H
t+zOXaPwqALVwqyKl5JrrsnGeW93ljXq+NIxYlbZzKs+D+wmpYlTWjuKE6ar
pZkesuvF0y+Jd0xBAE8vfCqq806E1nVXeIu3qSX14qor6UJLo3KKi1F6mcsi
64VNRIPdquo9E4+eT/+oABkzDMvM04Sir8Z2kIXEpNkXqnfm0faniJMdu1Ab
hAHARWJ/JL1O5Zt8wcmfnV5fAWFoZDEUFgO/0aCtK0vyaCIlhVhIMOYav9Rh
GSZNnArC66LIzlNT32Bqek/jc03VGR++OHw5PQUNh83YNDf8gXJeVisT2DdG
JA9jY6Im/NdN1SV6sEblLZxGdQttrJleYuEXsoGK4sBHyD+kXoUeG7GCWzKu
kO/llizjlkmu9zKqkAtgunciQY5bPEcpXyhv2dydmOO8kolHrF9XXg7fkLje
np7seKIgzgMkkNASvTFRU0RlBMmiycxMHKe5RVG0qo5N1IP8QzhYAFcOXzCO
+OFV3gkEhWJnCmqV7CJEZCi4cCdcfrh6Tm0xMWYWZrmzAf2Puc0Vzo3mYN8+
mwoHmNaXlWrlXqvt1ydozD43mNAGSWVU2SzNz3kPiXVjGZBBEqHl+qqz+8BV
8rHV3mxoPNEoVanUwIZ4KaYyXa9t2pjX+IB7nHWnhqnDLB2SdEFCslaCiexX
cpPGvXKDf1nxxGOhN8zr1Vzgsa0nZxNE8TX6jY0frv/1kPviM7DeqxU6Csxw
7pGdiXXRCOWaGD9PRVBbV62PmRmhyVI0iVpLEwjzyTOS/mp6TFuazvUOKbDl
fKkJ77UjcyFf2kCb81oXwPdQvJisgLRs4ajFAUrHSsEytc5JSfSbwN4RCo1r
2M5c2Nk4rsbx+IRnBaIMDe3zHKs7gGlwLOz7GN7awapK0p4qgQl/n4kGVAZT
cUcJSYa5U+p4jtFu2iBe5Ybvm9VQpMIxgTZWKQp7WbRRPGDPjqOgFweSs/Xp
476n2mx5rGCfQEvJDPMSmzlD1tZDDzZfOsQFk0kMI/YscYbp9ZT+xTNBfidz
wh1sKkmWXBZFpQ0aLMYwjzGwu2zhiIe/s00uA3xnxxU4tJGDcw2SRFAHt9cO
w2lLTVUXqw5OISdp1li65sEOjWxezETS+71MWqFDccyzmYodjUIe6pXgu4+h
HxXA4ooBecuQFgHqtC12ZYJgIHzSM+DIx0EYeUF5J+RChk+XXjwF5gOmxflI
av2KzLh5OxhGNa/va7VtmQwnBbVcKuEaRgaqkvZF4NpBLETxkHDnmI6KtsiK
yzCIM6eiRROS4prEFTHBGykk26iP7Ni4RTvEhr1orB8q7FBD2W/Ix3EENx+K
1/i1EWYCiB+1xpCeJEF92cpapnQpVicNbkggqSViya9t7gVQJNLS/ePaGM32
sNPunvFgstdux6Y1Map1dr6TeIUuXBGewisAaMDI2LtPRFcWq7RyyOkGm+n6
Uot+4o3nswsrmI1SZCFpoMw6BG8M2PLk7AMd6F+aFLReo0TmVlDWggcHnbwO
pMTSoHwIa7dst5Ey3vYy/RmHSJROSQhRQNflL3qLIT5DIQexQpkExItWLWPO
l5MibaPKBAxyR7xhPeUsoml7Vz5Gr0pt3SLYPpRDrZS3z3mXUXSLHbQrnGVK
ekQPKnFGX1qxO5DjdUP6lmEOyFaNhEb3AbtoyGUHY2wxgLfU9tPxqQCZWfbT
MQ74yqA+fQzTcXakDJNGkq2yQtylAU5bw017hsMMmB2iH1m+yTeqC+NW62F2
IHSA05kvsjDNKeuZFaUZ1eaKIBV1lrsfl/63BsokDDMGpYeTwoGOkrSUOaDr
F4vnsTssJZ6xkdx+BLTU+ZLkHtnbl2mluZCGOKM6KeYgC8cvgOyK8pyyxxDJ
nxRgOJZXrVQl7vbSTTfoVpxwXfbCZD566BWkW1Z+ZrDdVrUNEz9Q71o50XE1
EV37nXFIqePH8NyDf/zmH7Pk6T+8Y3yw+9kexxYY9A9z//7919//47en03fA
09uVLHbGUn/d3Qv7GQltYwo3z3w8n72ziTMtLoIT7nuT5xq82VeHI8NMYAbP
TJVxx14xFgoyE3ikBB4jHnyR1LHR98RAlRy/uARuReUBprglzCPAtDbmORLG
HGITXLYwDfJ+Kxhyzu4FsE1FX2KmYqn0hHPTDPWKzTC7CtOOyTZlj+SA7UA1
D6cdohZACV0amrVbTtNcYvE2TZXw16iofcwAt9IghTNgTW5iR9BbV49U3T0z
+XNLHYsNjRa5SWCCDR7G5NvW0Pqd2Bf6J+zf/jXuwd/zqn9Kk68tiv89wLzW
X/9A//nxXaTUu783c/8J1K6v6Ut/d2f6d/tP4H8OMeGHQ81JdGei3hp3Qsjf
VB5fUPqDjWt4ZRk2fXwFbAF7sAK6haAzo/TGRFyy3UJy44/7EFCSN1vfZN2s
rVOaRE8Es4wqGwqm6dxULRK43jnRj6KH0jdo/uysm/iZRv5S5IGKMuUd7xjY
flqgpO4Mc8Kbbrxhkb9m3x0zm0R3J0pKUnw1YQ02XonqDYhW6nxgiSBwmaP2
t66FBZV6zMcjABMjqAuLjZl/4B5wzi8yACxX8EC6o7AbsNsOsz+CNCbH6N7E
pWE4FpBmklhn+mmwjEfnS1x5GniHD3FDB2QhyQAL2aYZmdlguyxsvrLj0pMx
K5wcyonWK/dhyYHuFppF9/36MNYlpXGL8du5QbBSCe0h1j31e3F82wcW4mPx
HW/bJA3I7WEcv+STBgWE3DIdemmZE6bOuWonHQyaFUH6wUpTNgwCHVHexoFa
MrbC+Qwy4BGnVJldQY3fOLZtMEDy0DyOcIBPY+WsuheU/lqbmLbvykeRDud3
vcEdSrTVA3KNkWuqh08x5RLiWZ+/04J3WIkbVkNRpS+TQXRkBQL1MUzWcurw
DkFMQseyX2gvhEEETLQ4NabLhdcu6kqyisgFFpdpJ1d/iR2BmI6sL59MmqQD
HRHtfZoQ8JsdWgLVdRkvjElR+HT7fpPjyvWzHRipbTX3+QhwoFX6ftysA7IY
TpDxiILNZc+ZYNwaXBLQVG0bedDUUttcquD5X3qcSAMOGPZJek4kE3eIXUh6
ppFUs3SV1hJg607wsghjut2KvCj6Psa28XVFgWB1S/Hqncnc4xKUNfr2Oteq
WL9+3OTzpbEpAkcMew7Rs5Ik4qFiV15g18d529/C9E/xtMrzvIBsIJZDrhoJ
2Bunn1HOZV3HRlJ+Qzqx0VmsACXlt6WsOJ2hxbDRIYMdtwRxhR0zI7srPRh8
/0lfjMkO3onD2BCR7PsKu7waiRL7ZTdGsSOegyeVeMWiw0n/JFs643jz7UR0
qrYAn+kMc/RIL0Al3blyyfhBTucMe7MFfdyibfICs3j9BL33CxsCldwdkvns
xjEWwaAx0MuJOQFuQEDIjo4sGDhCwW5M6+xUmM2EVR43XsmvcsE539YmB5y3
cX0uuLOCm5fWfgsos54LJn+Tpuf3iOlTOYoywFSbUshxaw8/pKbf8xL3u1pb
A5KkYZtiUL604fzpcqUzwvViZdSJ2/YgXeXzYyJNsbhexH/+38AeX79SJ6IU
cCSSenx6QspVqLmMVpJRHz60OwmjCsdU1e4meoIxGNnXKsgaRL8rfy18xxhw
la06avFBQFWy2xaa8vptq7zBI1t604JdiiwZHmDZXVWtgmi4AeOd8g8WatjS
EWWIL9J9dZyjsoHey4CkIvz1GntbvlfTAIq2V6voDAba94OnvK6f8Nz21nMr
xly9pzST2hou++lR6SLPGWLTSzHDh3aN6stTDvNLNGsTq2PqWxFb6aKkiy2S
BG1X7GCggpK50PKj6i+W79L4RAXuNxN59BLDs0vcQ5tYQTyXM70MzfqBy6lN
js+uRhibd5FX6yyL51bLNEyk5dj2ooQcz0Q3gLkIXAaWIm2vfD4bOzf7ZiVw
xFtCarVxyDmytwqJW9f/oIUEoWJ/bzsDdSK6I6O4d2Fm+PJZVswozsrQBWR7
w0Uw1qtsOHvQ9LLdHEOMDc4LRZlydeAzbZovmQywoLW4OhGNhixCJWVD1v6q
WMqYbL9NCCmuK9+XOOAVGnXmaFSBEBt7hb58pmdssfpSz+grurqBKzZrT4I2
1gQHnHXapjtTlDcMRN+8pGhK/zo4aMzFJ8gPK3qvZ14zE/9GNQzDU0cm3bad
q4vSNmCsld8qpkMaOyRNSCfkHC1xz3ErYmsy+PmoNtSF5B4Yp9hboE7J8ZCU
BSVzmdi9cbm3dXMM2Yz7iNHgPinqQP/k6UI/dZLCA+12TviEy+1inZDVeckG
sCUKnYTIDXHbu9RYJ4AWoYUNyPMGey213HJ6yyZIZIvSD98iSDuDYxOrH/KB
0LCVxsiC+HxBmlOngTl6MMTdKRXm+7sPpNsC8rfcr2wqAYuwuS2aCVljMlyM
ikFXL7S/MLoqVT2kWFR4sAr5a4K9ED+EC2n/quKFXi1kx1UbSZdHzEP1VoIJ
uNmVVPSN18W6oawLh0v+lBXAO0s4KaVouBYdiGyd2Wzw/u0lNyQ3MfbCy1iP
CSIrtuE4fXPCNUmOpq4tzns+Swhp5D1XtRY9VbxSW9DXCohjN6MbICH5ofFT
ma6DLi/d73U0EGtUGpIV1cOOiXXgtvQIxWKlMfHK9TsRpzJxCFK4AzwbavTm
dWayqVJdKKJ2Ib502ydk4uXfksudOZRR95+k703/D7lkrnwEUb4mCJIBLVaL
dYBIso1NE13UOnfkY0KhaFsy9ZLibBFPRIizGIO9FGojQtuYxxhkIZ6R6RTk
aO4EmiHlbMqZqcwZiK8Dd8iwjiDNpSsTG5l+amwQA0xdy9hOHJ+jjJxuQ/ZD
Kg1OvdVJ+pKTFiINj1H2x9n4siizxEuTA6RemiIV0ixc2b8xomaltVFRU0do
YOo0lTBiCaHBXzEWYyXlHQBdjMyhLUUz5rYEMSOeaWwVJIptczon8eggL5rC
LzzQGOYxBu0CDztIgBxqrCfZGbVWrCixRVce3Cox21Ea9UDfeOtZNXRLsLEO
q9EY5d3UwRmHUsC2aUKUypOTt0i2/T1Vv2T+dm7XV2suF/OjTKOOeU7dRfbv
7VsRi7wiL3oXY0nBmDBTBDwmW8QlYlWgPiFhp3KMgPbySBaGegP/+wGuBvsj
UUp5T3YujlVI9PjY8GcaS5oxJ1Q0323nKVRQWK9ae0+NgsTAC2w0Lhm/nhFZ
xza7hdorNe4hOvqrHf0qUzK7g4QCWqthYqzMexPuNGmkPbPHirbtzEfSfKhP
B/Am2pNtxBmWljX25MSF3xqJ4UV8U6IlBrrW+9aXAs95sb4m00nEY2YjLqnR
AKDDkI4Yrtitgw25ixSTPg0j8+w3lBJbs9Qd3CGnnpBvhkKfhh+aAPgP1NAB
lJo5mIumJNMzvxwl/mimuYVjAO0R25I0REatEzxmqOvxPHn9xPQJdprxg5Ze
jOd4CqO9pPKlV98dHpk+MPfv3Adtjlyv0sBB8aj0ELYg16blk32AIOt6mB94
8Wa2MQJhGnam6c9DMK7Vlou83zBMffe3ICSH6xx9CJ8pr9Z1AdbMGniBMrsX
JF0OTidwk5obnH7GnyUAoWKE5kZpUiFMBqYYDg5Ktk59xQeQYFd2JdWOMT/P
7Jjgb/scdvo5mR7zi2JOGuU1yUhUqAfAkTPPXbEGi9Cw3w/5wfwj0mkLqw6K
0dlcj5+cmH5M/cmYhvfxTVC8rk3GbFusnvYSt8O8IFK54rCpDDWLcuAFwC8l
i6uwfcuCXn9EgibLwgwc14O4R62HObuMF8WpXk9QQAd5qz6za3eP1CapirI5
vTqkgQydY6qldNF0k2hhE9Y8oQjohgo2tZAdknNBr3bkmvstecMJKKyTDc2J
Cys8gqPkqNNlQIQKbQExRvAdIitXIxOGL1wlVFo6vi+JbJwyI6k0Rj2szlNy
YyScmsPpOEXp3Bg2NYcyeEjtZ9eTYUYGlBu2PMySEGWiJer64cw9dJlPVR29
+N6kHbQcsBpyEOdnjCNB01ArLR2sWBdx7qAkjc/wqGYwfhuuI/Knzj17JacR
Ngv/bX9Po+5gfXKp7D8pWnf/wLrz/70+odM1/lW1/l13of1TRjFHlfsazSeP
Mr7m329vNhfc218Q8wmDSef4jBVxHprZ7J9w0J8Mntx4lN9ct6SbzUVtfOqm
KzpBHUUYgZB80dTjYjGeIeLfcBQxiZEFg4iulpxjkZ/vfMpcrtnYm85l80uf
Pcr3yANbaPTJo3wiKg/NhajaMNNtUX6Fje7cdC6b0fDGc+lcMCAyJWeowvz3
Tx5lE6XdeJRwiZ+9oiOTjGgTEVmb/KRRfvN50HXh/a6guDkFtM0tT1x9Ah0N
SLbeFf/7UuOURaZb+eeMch3bvaEkuX5Fr00akFG02MSlnbz5KAN7/mlz2UTk
vzWjvMmtNufZS8OA6IfL0Fw/aZRfLRvp3AFJzgPNaLqo/YQ81kFSz4XScWTx
GZfsfajZkx301RnbVKAtDHQEOuMWSQXjB1k3JdW6gqLObou+WK3LseLEaKu7
imrr+fk2FhWQgdlX4C84yHmK6pujU3W7wCF+57NUqrLYvX93sbc3Hy8e3NHj
u/v3ZuPZw9nD8d34zv3dr76aJ7P9mXp6evrq9t6Ej1l/WsC4xvkEKvLwFDhm
LHMwY6g7u3dA/4CtwVgd3TLlBN65tX1FA1G46xtrCL57mJyu3/7yL88eSBXB
bC/5arF7905rkBsXFMxn9OaJrseHRXGe4um3nwFKqT+j7nyErS0r01mUibXk
yA0VopzR3eqWydbKtBw0AL1KGHndGnswNbJab2QlYZ628S0yJg9+dhQk5G6w
2RT5Ok126FCikHFPdNsCn3accC6rbZOPlxfbzRDQpj0TH57lcxTrkZ1xh03e
gyEHFxvaZOVhs2CFRh2WmgDc8OiMdgc7rgwPPB5t/6M4P9LSxT5bfhDjyvBh
b5z2nFFs9s+ypHThOWWcxwdTXFZYvWfdkRrz93Lnb+16a8kfbiOAkv/k96ES
499rv4D6LcIlrzthom7ozXyR21CsTJRroHmFaMwAgkSaGZjoPjk+6RkxaewN
qcqrTD+BRDI3XLsTPm6YmzBYp/ZQ+4ymZiFpOqJs6JLRU59CnYg+7oxMA6aw
rY0L2JpzDEmmo4sePVxuxl5sy7U28SJXmOuOnVZt5dJEnWDY34v+eWdOFzP2
n1LWhZwF3duVYJ+PTrKH2oRU5rUu1dbXS7HdK/GLGUTt50Tbczz09wruI1EY
15CRyX38c8cwUEs7UuspA/ruy7ollc0BTNYnGOoaVq7DZs61ToL8hj7X9EQ9
1ms5V1xcwlbhcKeT1zhLTA66ZXpiBDNOKz++e1OvGLrjwr6xBvr8YnY12fBB
ousbfjRoMDfzgla9UgAGXxZ0uClysw7BuVxog+BxL4ozy+P8hL4FuF3u67qp
bK/K3mbb2LkDj68NHNAOGuzTrAsDX1RxIsxC7qiXpuEbRQXHWTE3lNALmlaL
BgFIHKZM2ZUFOqXl8sAEbxeSazT2Whh6UNoko21Uuzc07VIlDAtBnkVLd+Fw
Qet+XJFaPhFRUprvP0rFlELAVJPNLRsZErw2b0bD++9yUkjaODYoaTvmm6qQ
Mw1c5miQ0mbDdhxrZ6YmqeTsLM5M0aypLuhbljlb2zZ7AlyjmES79Q5Kxtpk
RmFGC04HE7jADnXDBfmJe3vt0CIfFs9VbofiWMJzxTFzo7Rp1B++4EfkiY+k
w8ac3+GectKB2t2kTEVUMK3EgbAt9SAI11v8erdf3Y6Styob6kuKS1QKdLyy
+UqmlwaqF8hom7U8MNAVs5UYcmt60vNlPj+TJ+YST/Iw2cSccyZpWPCOXEip
+KY9U0sGOKYpSnJD9+bscUYZnucMliSTgD2+aUy6ZWpbbDGgFzHKVMYJeouL
kqlYbEQ94FoPix5q6tHytvbZ0j2C2CWlQmMzDJhPJo09pU+KaXOLxXT2W1UA
Apmd9KLsAoxmVhbNGaUI+h+W7AM6f/2W2fBbNPlbbpxbVOFA6ZWlzpicXWyf
dlbC1Y5MbISu27upYqSgWu/gq6YBKZ+svmi9altuVyZs70RuAA/acq7KCBdh
jwZI16nJVPDVBzeEsRlZcQBjgDtIyhZT+/NbHTjfMuyHyAeMjILzbJo85XB2
iT3IfbMh1/hhsFqxv7A9M8ErteLct4BYhMSAbbBHJDw83vY89EapRLpJh744
ARkg7SMvLEt0p1K0bALpUCeTk9oBuhRUHBjAlf3v41LO4tzWRVGzHqRDxFjs
WsLvj0jRzvQZKIErzhE2TZBkAn7rS3MqJzFZ7NNqw4z1siGrqDaB38qN0Nm3
STTtAsuaK/3gYqMqrZvay6vvpTzrFRAIuUNXJcu1wFQRNoRt0wk58IVOI+0u
e8FNo8qr7heRWzH+M2nDiBLn51meNXjyskv4QLda37Snkh5YoTLtrAuBtZX6
csYRHbmd94zE56lizy1ib651fG6OROm+Yk+COXMBWlLKGIAwN6+et+eL5k0v
Icp73XQgDdontCLJGxqPmjxrCwE6rVbgYk/asZ32N2WDBBpA0KPrxqfQl81s
0yn0YWZDeAp9JDqK2dLOAfT+MfM92sI27jcXQfN583ZPyAic6eGN2ObXdizN
2zxv2SLSoJlKbCq4f/4vg98OYxUVOoa1//jzd0/HHLN/xy2Xntufsz4CMINz
hka38dLI64SMjSTba5WFvHv0Tkipt2csE5W30WFDEnjb0zxuoK5cowFob1rD
bEi4RpCL022bTqf1/vTo99OTd61mq2F3G+pS5mdPGyL2puOYXcDl7FnQqe27
NZgUVIOVckaaM9utyF4WA7BwtbETPO8MgDHy0SNsSgZ4Ryt9evj7Rx3U6X/0
OT46YmWWIGJE3Ea4eJ21ewTUE2PiBeepGfrGKl+WBy7XFffY+VKwV3VcSkUr
djo24/kne7stHfWqol1eC1o3VzA4+BPtcaJ7W/NPc/SIz7i2xTJQL02e3ztG
AzanDqd5YfkT0Ai5xhYWnLgZ8ACLERxqzMNr9UbqArk/CbpexApnKesxSlMu
QJPDoqEkSIbsWbEousRqTpemNb3pHN3nqpcyv+13Np7/bsdVPlHaWK/cRDGD
qbRzUJZcDxfbeo0ym7KYg3A2nynpmGCKS0skuUkFiUwG6/nX8+AX/nukev9N
Jbvp6w3/1KtlDKveU5se6ou+0i+bHXKgDPX1BCm9aGXPODePT28eZ/Ov1kyR
fD5jnGviygNvCm24L1+zrmtjwtf8u24+g79cJkswn5uPMzDzzeO0v/qJ+LMB
WteMcwO62P88umitTJDuuZDHzdYV/gr391Pgs/nXX5IuBn/9ZfBQfnkf/xVw
DmYwPA5lbxwbVwGGHNWaEM843EkojHwJK7nEpNTk3JKXTri1+o5121BdWKUD
L9SX1UYlkUMVLmfbNtc0JXZkSXr2iBFjlERCU8ce/0Y7tTal7RZoD5BAxWd7
vpjgEcW4oK9B9cZWr2ERl2tvsjeRk3g7PYpI23v0TmQ1aZ+eDKdvebAZCKoH
Vl5PZB1Vv6LAmJE5ObPfLku9LoXOqK/x4GTSldGQl2NOPGcDxa8kXybxzF55
Pa7O3W5Q7ap8leJD2IDBaSZj03gprlKwJ9ihHZwo5WzG/sjOZdE5Z0rOcXsF
XxLd43Xg3+H1vrEGXqBaycmULRj7AwCA6aSXrn5lYgmh/h47t09oa6K6d223
CFa+LY4W/rkzPTpe4MYODvkLzCA+qRyDhkqO1utYB3xmtwluui43sytHcTA0
NdToHiDDnlK/drGtfJroSlLMmxV98dgFpmkZVzSGrRn1B3PNQA58i0Bi8uL0
727QgC1pKnMljjm78oAopxTgQI3pI9vjXvKcC1iMTnYT+qLJzW96EjfIb8zB
FOYDY5l0p38hc8butyTk1mfdujr4kdjZHJWwzsQuNzVNEkUjRtObGHTLtSEa
gb1teRRzNLSNvSzWOTYhpQJgPPhAXMDW4K/w7LZ6Z2h9GOKk5I9KUMwfrZBj
B/0NYnQ8s13nBBkWTZZZzyqVvtQh+QwYY444ew+s5DSjkHFixdVZTuU2A5hH
629tg+ej4g4Lgci08lLQkSMb1rzf5Hk2IUIj/jZ6Uh3/5hNZMacoMw1dyQ6e
/H+w8jZpIxt++drIwLN/NVZed6L/cdpsYOTRl/9m5f2nsPJuvq7PHOc/v5XX
neFfiC6e/40uBsb5j7c6SaNn82B8gkdnGhl3wi7clr7OT7pEGOkrZ0SsqQHo
CkTfeqS0SZGhXb1a+l8pOSWKSmFbfmXfI806putP2Pt5m4/oWQTWM90fo+i3
DHpHD+IjNoEJC9OUOdnYn709mTGmDucYhcu6JjUf5egy+q756vSP2CBKr2ba
9fr4surG29e9UVxRVtfkBTA1BO8GF7zDLWHsUu2XqZcsHVWzYeLVgAIo7d5D
XRNDH0FM2hxUdlNN7LJtCF63xaYzdA8S0dlPtrPrddF6z9nSC4O/6X6WV998
nLaCFYDk30mm/FfxrP4t4vA3XfQvpYu2Fb6/0elfDV3Ir7+QLorNN5ug1cs1
bnr3gnjoe1zXXK7jdBJxh8Z4uE+c6HGxWJismyHvdktZwcTyQUc2tr4tcmq2
550tJiXoXPtGjalCvRC1r66P2h5Hjs2pjSeOk9newxsp5vtNIluTltauZGPA
ZcYJX74v3XOs+uEIl9WHUzcTkfY1eITxDNOcqB2hXiywFS/6CqUjlPWjueCG
a9jXzsBaoZ9uemKbwGwwSK7Zh9BAgY2osEFqf2ZRx83Lqxgpd36F1eB6E1pd
d1QaySVMZlmvyvfUdYw0R22Z1uOMLQYezZq008t2Ro2cCGFyjzvIckB41fZw
mh2QSkrjJu9RcE1VQZ+PtPW2SQ2LHhXU7iKkNwww2AofbExsmjcXwVEleJqo
2t6cvMMf2pFcW853zPEM+EV9iZ+ho8yKuphjni9VEVVcXHjFvuYvMHzY0OEJ
h3J+qURSsLsq3wHOYR+ahw91jgv48EG6+D/nhnL4FHUSgy8dT19Mu1/Bqx/F
5jFRGdOFkt6I+TR5HAO4JJX24GjTOZ5VnunkjGsOP3zhrnBX9o/Rh4O8QdNL
J19vLeKs0lvwpbdasqmy9FyS/+P8PPrhn3Ha0yR5Ea909eOHA8ne/3rrNF2p
txN49XGcpzpTT3Rdj6JnBVg06luwcejnW9z6w6Uu4D/P4mYUfdvgTqln2Nuw
1qNoGgMOq1cAsfl5Ooq+adKkALJdrtL6F24N/Yc0zmeFegu7FLWnc6BOXz5+
Sed453gBI8glNeamE8rx2iQSB0OKLVWzhh3qWiczV8Qh58MT6M0J2y4UBlB9
bHbgaYrtia/6QfjDD+pU+OSquDCpihzkxlw0E8Bj2vvxR9i53TtYJ+j63V1/
QBr3J+w978w7VQoGBSBRTTUe3OUJRnymxQ85h5GaEI/Z0SCNn1sUCoO+ppUB
O6FxzNEuCBpibuKsoU7YzAmuK5SCMQ+zuDTF2l5FrWlma9r3cVC/XX8OD2Tx
DNAvrU1pw6MnT0yvWpoxtVrF9FyTYEvlHWleZMUZH3HT5PR9KpJx58vp7uek
qEaga1LnbdcxzM61iXpDxfLEdGGEoyQFVEJBOCcA2PIEnNEifc8sifeUDhDp
nwt2msXKU0SmfUSmE2oGt8BdKG1muJ+CjPQwbRLSAtRx64S/CjcN9hiRcOty
eSVpF0evthAnjZZFMS9s9OgAciznTwA1YUTRpkBz7cCyuAzOc0cZxke+uKAc
yDYpJ5lJCTFWJQ/PVHahXRQactKBxbYw22/ZifHDFYyXeCMsOe6f4MHufOjU
iQQdKRqOxQXrWphMeLIjBRvN95H/aJm2Bz0UcNfRycgIFNtVVDovoEty7XeZ
HPVVpqGU2N2LAmoz5493D+szNcrBwNQBE7CxPUYfRxk8BCY8IsG0KfCG7KB5
R0vITY0arHWZktLD7UPhBjYohcHeVDqgcZNTQH7neDWDGWBpCb4x0zXlCWTp
WW40KcsnOPs+A8nTxGf6RjQ7kgmS0TDHGkusEa8Q/LsI/rffgLTisljOzRLt
g0SFce36RwEkZbyoo/8HcghR+3/XAAA=

-->

</rfc>
