RFC 6749 (OAuth 2.0 Core)
RFC 6750 (Bearer Tokens)
RFC 6819 (Threat Model and Security Considerations)
RFC 8252 (OAuth for Native Apps)
RFC 8628 (Device Grant)
OAuth for Browser-Based Apps OAuth 2.0 Security Best Current PracticeRFC 7009 (Token Revocation)
RFC 8414 (Authorization Server Metadata)
RFC 7519 (JWT)
JWT Best Current Practice A Look at the Draft for JWT BCP JWT Profile for Access Tokens Hard Parts of JWT Security