UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9396

OAuth 2.0 Rich Authorization Requests

active, Most Current
Organization: IETF
Publication Date: 1 May 2023
Status: active
Page Count: 38
scope:

This document specifies a new parameter authorization_details that is used to carry finegrained authorization data in OAuth messages.

Document History

RFC 9396
May 1, 2023
OAuth 2.0 Rich Authorization Requests
This document specifies a new parameter authorization_details that is used to carry finegrained authorization data in OAuth messages.

References

This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol
Published by IETF on July 1, 2015
This specification defines mechanisms for dynamically registering OAuth 2.0 clients with authorization servers. Registration requests send a set of desired client metadata values to the authorization...
This document references:
IETF RFC 7662 - OAuth 2.0 Token Introspection
Published by IETF on October 1, 2015
This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about...
This document references:
IETF RFC 8414 - OAuth 2.0 Authorization Server Metadata
Published by IETF on June 1, 2018
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and...
This document references:
IETF RFC 8628 - OAuth 2.0 Device Authorization Grant
Published by IETF on August 1, 2019
Abstract The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained to the...
This document references:
IETF RFC 8707 - Resource Indicators for OAuth 2.0
Published by IETF on February 1, 2020
Abstract This document specifies an extension to the OAuth 2.0 Authorization Framework defining request parameters that enable a client to explicitly signal to an authorization server about the...
This document references:
RFC 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
Published by IETF on August 1, 2021
Abstract The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that authorization request parameters are encoded in the URI of the request...
This document references:
RFC 9126 - OAuth 2.0 Pushed Authorization Requests
Published by IETF on September 1, 2021
Abstract This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct...
View Less
View All
Advertisement