UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8414

OAuth 2.0 Authorization Server Metadata

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 June 2018
Status: active
Page Count: 23
scope:

This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.

Document History

IETF RFC 8414
June 1, 2018
OAuth 2.0 Authorization Server Metadata
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and...

References

This document references:
IETF RFC 5785 - Defining Well-Known Uniform Resource Identifiers (URIs)
Published by IETF on April 1, 2010
Introduction It is increasingly common for Web-based protocols to require the discovery of policy or other information about a host ("site-wide metadata") before making a request. For example, the...
This document references:
IETF RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)
Published by IETF on March 1, 2011
Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer...
This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 7009 - OAuth 2.0 Token Revocation
Published by IETF on August 1, 2013
This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer...
This document is referenced by:
GS NFV-SEC 022 - Network Functions Virtualisation (NFV) Release 4; Security; Access Token Specification for API Access
Published by ETSI on January 1, 2024
The present document defines the access tokens and related metadata for RESTful protocols and data model for ETSI NFV Management and Orchestration (MANO) interfaces. It defines also the process for...
This document is referenced by:
IETF RFC 8628 - OAuth 2.0 Device Authorization Grant
Published by IETF on August 1, 2019
Abstract The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained to the...
This document is referenced by:
IETF RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
Published by IETF on February 1, 2020
Abstract This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth...
This document is referenced by:
IETF RFC 8898 - Third-Party Token-Based Authentication and Authorization for Session Initiation Protocol (SIP)
Published by IETF on September 1, 2020
Abstract This document defines the "Bearer" authentication scheme for the Session Initiation Protocol (SIP) and a mechanism by which user authentication and SIP registration authorization is...
This document is referenced by:
RFC 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
Published by IETF on August 1, 2021
Abstract The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that authorization request parameters are encoded in the URI of the request...
View Less
View All
Advertisement