UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9207

OAuth 2.0 Authorization Server Issuer Identification

active, Most Current
Organization: IETF
Publication Date: 1 March 2022
Status: active
Page Count: 9
scope:

Abstract

This document specifies a new parameter called iss. This parameter is used to explicitly include the issuer identifier of the authorization server in the authorization response of an OAuth authorization flow. The iss parameter serves as an effective countermeasure to "mix-up attacks".

Document History

RFC 9207
March 1, 2022
OAuth 2.0 Authorization Server Issuer Identification
Abstract This document specifies a new parameter called iss. This parameter is used to explicitly include the issuer identifier of the authorization server in the authorization response of an OAuth...

References

This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol
Published by IETF on July 1, 2015
This specification defines mechanisms for dynamically registering OAuth 2.0 clients with authorization servers. Registration requests send a set of desired client metadata values to the authorization...
This document references:
IETF RFC 8414 - OAuth 2.0 Authorization Server Metadata
Published by IETF on June 1, 2018
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and...
This document references:
RFC 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
Published by IETF on August 1, 2021
Abstract The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that authorization request parameters are encoded in the URI of the request...
View Less
View All
Advertisement