From b81233a4afc44bea97c7f415f36613fb99bf5351 Mon Sep 17 00:00:00 2001
From: Joshua Sorah
Date: Tue, 13 Feb 2024 07:53:56 -0500
Subject: [PATCH] [docs] Align OAuth 2.0 Security Best Current Practice links (#24706)

Closes keycloak/keycloak#24705

Signed-off-by: Joshua Sorah
---
 .../securing_apps/topics/oidc/supported-grant-types.adoc | 4 ++--
 docs/documentation/server_admin/topics/threat.adoc       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/documentation/securing_apps/topics/oidc/supported-grant-types.adoc b/docs/documentation/securing_apps/topics/oidc/supported-grant-types.adoc
index 0efa025f15..32607d156a 100644
--- a/docs/documentation/securing_apps/topics/oidc/supported-grant-types.adoc
+++ b/docs/documentation/securing_apps/topics/oidc/supported-grant-types.adoc
@@ -28,14 +28,14 @@ browser history. You can somewhat mitigate this problem by using short expiratio For more details, see the https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth[Implicit Flow] in the OpenID Connect specification. -Per current https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-23#name-implicit-grant[OAuth 2.0 Security Best Current Practice], this flow should not be used. +Per current https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-implicit-grant[OAuth 2.0 Security Best Current Practice], this flow should not be used. This flow is removed from the future https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-09[OAuth 2.1 specification]. [[_resource_owner_password_credentials_flow]] ==== Resource Owner Password Credentials Resource Owner Password Credentials, referred to as Direct Grant in {project_name}, allows exchanging user credentials for tokens. -Per current https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-23#name-resource-owner-password-cre[OAuth 2.0 Security Best Practices], +Per current https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-resource-owner-password-cre[OAuth 2.0 Security Best Practices], this flow should not be used, preferring alternative methods such as <> or <>. The limitations of using this flow include: diff --git a/docs/documentation/server_admin/topics/threat.adoc b/docs/documentation/server_admin/topics/threat.adoc index 8870348323..1deebe943c 100644 --- a/docs/documentation/server_admin/topics/threat.adoc +++ b/docs/documentation/server_admin/topics/threat.adoc 
@@ -2,4 +2,4 @@ [[mitigating_security_threats]] == Mitigating security threats -Security vulnerabilities exist in any authentication server. See the Internet Engineering Task Force's (IETF) https://datatracker.ietf.org/doc/html/rfc6819[OAuth 2.0 Threat Model] and the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-15[OAuth 2.0 Security Best Current Practice] for more information. +Security vulnerabilities exist in any authentication server. See the Internet Engineering Task Force's (IETF) https://datatracker.ietf.org/doc/html/rfc6819[OAuth 2.0 Threat Model] and the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics[OAuth 2.0 Security Best Current Practice] for more information.
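Review bot: In the supported-grant-types.adoc hunk the OAuth 2.1 reference that sits between the two changed links is still pinned to a single revision (`https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-09`) while both Security BCP links are now unpinned; for a patch titled "Align", either drop the `-09` there as well or say in the commit message why OAuth 2.1 stays pinned. The two changed links in this hunk also carry different link text ("OAuth 2.0 Security Best Current Practice" on the first, "OAuth 2.0 Security Best Practices" on the second); use the draft's actual title for both. One caveat with the unversioned datatracker URL: the `#name-implicit-grant` and `#name-resource-owner-password-cre` fragments are derived from section headings of whatever revision is current, so a later revision that renames a section will leave these links landing at the top of the document with no error; they need to be re-checked when the draft moves, not assumed stable.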
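Review bot: For the threat.adoc hunk the change is fine and, since this link has no section fragment, it is the most durable of the three; the point worth recording in the commit message is that this file was pinned to `-15` while supported-grant-types.adoc was pinned to `-23`, so the two pages were sending readers to different texts of the same draft, which is the concrete problem the alignment fixes.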