What's new in OAuth 2.1?

Blog post from FusionAuth

Author: Dan Moore
Word Count: 3,237
Language: English

Summary

The proposed OAuth 2.1 specification aims to consolidate security best practices and improve the overall security of the OAuth protocol. It builds upon the foundation of the existing OAuth 2.0 specification, inheriting all behavior not explicitly omitted or changed, while introducing new security measures such as PKCE (Proof Key for Code Exchange), stricter redirect URI comparisons, removal of insecure grants like Implicit and Resource Owner Password Credentials, and improved refresh token management. The specification is currently under discussion on the OAuth mailing list, and the released version is expected to follow best practices for securing access tokens and protecting against common attacks. As with any protocol evolution, it's essential to stay informed about updates and changes to ensure compliance with the new specification.