RFC 6749 (OAuth 2.0 Core)
RFC 6750 (Bearer Tokens)
RFC 6819 (Threat Model and Security Considerations)
RFC 8252 (OAuth for Native Apps)
RFC 8628 (Device Grant)
OAuth 2.0 Security Best Current Practice
RFC 7009 (Token Revocation)
RFC 8414 (Authorization Server Metadata)
RFC 7519 (JWT)