OAuth Parameters

Created
2012-07-27
Last Updated
2018-06-29

Registries included below

OAuth Access Token Types

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749][RFC8414]
Name Additional Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference
Bearer Bearer IETF [RFC6750]

OAuth Authorization Endpoint Response Types

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Name Change Controller Reference
code IETF [RFC6749]
code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
code token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
none [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
token IETF [RFC6749]

OAuth Extensions Error Registry

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Name Usage Location Protocol Extension Change Controller Reference
invalid_request resource access error response bearer access token type IETF [RFC6750]
invalid_token resource access error response bearer access token type IETF [RFC6750]
insufficient_scope resource access error response bearer access token type IETF [RFC6750]
unsupported_token_type revocation endpoint error response token revocation endpoint IETF [RFC7009]
interaction_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
login_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
session_selection_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
consent_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
invalid_request_uri authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
invalid_request_object authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_uri_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
registration_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
need_info (and its subsidiary parameters) authorization server response, token endpoint Kantara UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6]
request_denied authorization server response, token endpoint Kantara UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6]
request_submitted (and its subsidiary parameters) authorization server response, token endpoint Kantara UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6]

OAuth Parameters

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Name Parameter Usage Location Change Controller Reference
client_id authorization request, token request IETF [RFC6749]
client_secret token request IETF [RFC6749]
response_type authorization request IETF [RFC6749]
redirect_uri authorization request, token request IETF [RFC6749]
scope authorization request, authorization response, token request, token response IETF [RFC6749]
state authorization request, authorization response IETF [RFC6749]
code authorization response, token request IETF [RFC6749]
error authorization response, token response IETF [RFC6749]
error_description authorization response, token response IETF [RFC6749]
error_uri authorization response, token response IETF [RFC6749]
grant_type token request IETF [RFC6749]
access_token authorization response, token response IETF [RFC6749]
token_type authorization response, token response IETF [RFC6749]
expires_in authorization response, token response IETF [RFC6749]
username token request IETF [RFC6749]
password token request IETF [RFC6749]
refresh_token token request, token response IETF [RFC6749]
nonce authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
display authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
prompt authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
max_age authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
ui_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
claims_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
login_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
acr_values authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
claims authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
registration authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_uri authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
id_token authorization response, access token response [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
session_state authorization response, access token response [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-session-1_0.html]
assertion token request IESG [RFC7521]
client_assertion token request IESG [RFC7521]
client_assertion_type token request IESG [RFC7521]
code_verifier token request IESG [RFC7636]
code_challenge authorization request IESG [RFC7636]
code_challenge_method authorization request IESG [RFC7636]
claim_token client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1]
pct client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1]
pct authorization server response, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5]
rpt client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1]
ticket client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1]
upgraded authorization server response, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5]

OAuth Token Type Hints

Registration Procedure(s)
Specification Required with mandatory two-week mailing list review
Expert(s)
Torsten Lodderstedt
Reference
[RFC7009]
Hint Value Change Controller Reference
access_token IETF [RFC7009]
refresh_token IETF [RFC7009]
pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7]

OAuth URI

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6755]
Note
Prefix: urn:ietf:params:oauth
    
URN Common Name Change Controller Reference
urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth 2.0 IESG [RFC7523]
urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client Authentication IESG [RFC7523]
urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 IESG [RFC7522]
urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth 2.0 Client Authentication IESG [RFC7522]
urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519]

OAuth Dynamic Client Registration Metadata

Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591]
Note
See [RFC7591] for mailing list information.
    
Client Metadata Name Client Metadata Description Change Controller Reference
redirect_uris Array of redirection URIs for use in redirect-based flows IESG [RFC7591]
token_endpoint_auth_method Requested authentication method for the token endpoint IESG [RFC7591]
grant_types Array of OAuth 2.0 grant types that the client may use IESG [RFC7591]
response_types Array of the OAuth 2.0 response types that the client may use IESG [RFC7591]
client_name Human-readable name of the client to be presented to the user IESG [RFC7591]
client_uri URL of a web page providing information about the client IESG [RFC7591]
logo_uri URL that references a logo for the client IESG [RFC7591]
scope Space-separated list of OAuth 2.0 scope values IESG [RFC7591]
contacts Array of strings representing ways to contact people responsible for this client, typically email addresses IESG [RFC7591]
tos_uri URL that points to a human-readable terms of service document for the client IESG [RFC7591]
policy_uri URL that points to a human-readable policy document for the client IESG [RFC7591]
jwks_uri URL referencing the client's JSON Web Key Set [RFC7517] document representing the client's public keys IESG [RFC7591]
jwks Client's JSON Web Key Set [RFC7517] document representing the client's public keys IESG [RFC7591]
software_id Identifier for the software that comprises a client IESG [RFC7591]
software_version Version identifier for the software that comprises a client IESG [RFC7591]
client_id Client identifier IESG [RFC7591]
client_secret Client secret IESG [RFC7591]
client_id_issued_at Time at which the client identifier was issued IESG [RFC7591]
client_secret_expires_at Time at which the client secret will expire IESG [RFC7591]
registration_access_token OAuth 2.0 Bearer Token used to access the client configuration endpoint IESG [RFC7592]
registration_client_uri Fully qualified URI of the client registration endpoint IESG [RFC7592]
application_type Kind of the application -- "native" or "web" [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
sector_identifier_uri URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
subject_type subject_type requested for responses to this Client -- "pairwise" or "public" [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_signed_response_alg JWS alg algorithm REQUIRED for signing the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_encrypted_response_alg JWE alg algorithm REQUIRED for encrypting the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_encrypted_response_enc JWE enc algorithm REQUIRED for encrypting the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_signed_response_alg JWS alg algorithm REQUIRED for signing UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_encrypted_response_alg JWE alg algorithm REQUIRED for encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_encrypted_response_enc JWE enc algorithm REQUIRED for encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_signing_alg JWS alg algorithm that MUST be used for signing Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_encryption_alg JWE alg algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_encryption_enc JWE enc algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
token_endpoint_auth_signing_alg JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
default_max_age Default Maximum Authentication Age [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
require_auth_time Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
default_acr_values Default requested Authentication Context Class Reference values [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
initiate_login_uri URI using the https scheme that a third party can use to initiate a login by the RP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_uris Array of request_uri values that are pre-registered by the RP for use at the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
claims_redirect_uris claims redirection endpoints [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 2]

OAuth Token Endpoint Authentication Methods

Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591][RFC8414]
Note
See [RFC7591] for mailing list information.
    
Token Endpoint Authentication Method Name Change Controller Reference
none IESG [RFC7591]
client_secret_post IESG [RFC7591]
client_secret_basic IESG [RFC7591]
client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0]
private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0]

PKCE Code Challenge Methods

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC7636]
Code Challenge Method Parameter Name Change Controller Reference
plain IESG [Section 4.2 of RFC7636]
S256 IESG [Section 4.2 of RFC7636]

OAuth Token Introspection Response

Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7662]
Name Description Change Controller Reference
active Token active status IESG [RFC7662, Section 2.2]
username User identifier of the resource owner IESG [RFC7662, Section 2.2]
client_id Client identifier of the client IESG [RFC7662, Section 2.2]
scope Authorized scopes of the token IESG [RFC7662, Section 2.2]
token_type Type of the token IESG [RFC7662, Section 2.2]
exp Expiration timestamp of the token IESG [RFC7662, Section 2.2]
iat Issuance timestamp of the token IESG [RFC7662, Section 2.2]
nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2]
sub Subject of the token IESG [RFC7662, Section 2.2]
aud Audience of the token IESG [RFC7662, Section 2.2]
iss Issuer of the token IESG [RFC7662, Section 2.2]
jti Unique identifier of the token IESG [RFC7662, Section 2.2]
permissions array of objects, each describing a scoped, time-limitable permission for a resource [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, Section 5.1.1]

OAuth Authorization Server Metadata

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC8414]
Metadata Name Metadata Description Change Controller Reference
issuer Authorization server's issuer identifier URL IESG [RFC8414, Section 2]
authorization_endpoint URL of the authorization server's authorization endpoint IESG [RFC8414, Section 2]
token_endpoint URL of the authorization server's token endpoint IESG [RFC8414, Section 2]
jwks_uri URL of the authorization server's JWK Set document IESG [RFC8414, Section 2]
registration_endpoint URL of the authorization server's OAuth 2.0 Dynamic Client Registration Endpoint IESG [RFC8414, Section 2]
scopes_supported JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports IESG [RFC8414, Section 2]
response_types_supported JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports IESG [RFC8414, Section 2]
response_modes_supported JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports IESG [RFC8414, Section 2]
grant_types_supported JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports IESG [RFC8414, Section 2]
token_endpoint_auth_methods_supported JSON array containing a list of client authentication methods supported by this token endpoint IESG [RFC8414, Section 2]
token_endpoint_auth_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint IESG [RFC8414, Section 2]
service_documentation URL of a page containing human-readable information that developers might want or need to know when using the authorization server IESG [RFC8414, Section 2]
ui_locales_supported Languages and scripts supported for the user interface, represented as a JSON array of language tag values from [BCP47] IESG [RFC8414, Section 2]
op_policy_uri URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server IESG [RFC8414, Section 2]
op_tos_uri URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service IESG [RFC8414, Section 2]
revocation_endpoint URL of the authorization server's OAuth 2.0 revocation endpoint IESG [RFC8414, Section 2]
revocation_endpoint_auth_methods_supported JSON array containing a list of client authentication methods supported by this revocation endpoint IESG [RFC8414, Section 2]
revocation_endpoint_auth_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client at the revocation endpoint IESG [RFC8414, Section 2]
introspection_endpoint URL of the authorization server's OAuth 2.0 introspection endpoint IESG [RFC8414, Section 2]
introspection_endpoint_auth_methods_supported JSON array containing a list of client authentication methods supported by this introspection endpoint IESG [RFC8414, Section 2]
introspection_endpoint_auth_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint IESG [RFC8414, Section 2]
code_challenge_methods_supported PKCE code challenge methods supported by this authorization server IESG [RFC8414, Section 2]
signed_metadata Signed JWT containing metadata values about the authorization server as claims IESG [RFC8414, Section 2.1]

People

ID Name Contact URI Last Updated
[Kantara_UMA_WG] Kantara Initiative User-Managed Access Work Group mailto:staff&kantarainitiative.org 2018-04-23
[OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding Working Group mailto:openid-specs-ab&lists.openid.net 2015-12-03