OAuth Parameters

Created
2012-07-27
Last Updated
2015-12-03
Available Formats

XML

HTML

Plain text

Registries included below

OAuth Access Token Types

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Available Formats

CSV
Name Additional Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference
Bearer Bearer IETF [RFC6750]

OAuth Authorization Endpoint Response Types

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Available Formats

CSV
Name Change Controller Reference
code IETF [RFC6749]
code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
code token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
none [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html]
token IETF [RFC6749]

OAuth Extensions Error Registry

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Available Formats

CSV
Name Usage Location Protocol Extension Change Controller Reference
invalid_request resource access error response bearer access token type IETF [RFC6750]
invalid_token resource access error response bearer access token type IETF [RFC6750]
insufficient_scope resource access error response bearer access token type IETF [RFC6750]
unsupported_token_type revocation endpoint error response token revocation endpoint IETF [RFC7009]
interaction_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
login_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
session_selection_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
consent_required authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
invalid_request_uri authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
invalid_request_object authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_uri_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
registration_not_supported authorization endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]

OAuth Parameters

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6749]
Available Formats

CSV
Name Parameter Usage Location Change Controller Reference
client_id authorization request, token request IETF [RFC6749]
client_secret token request IETF [RFC6749]
response_type authorization request IETF [RFC6749]
redirect_uri authorization request, token request IETF [RFC6749]
scope authorization request, authorization response, token request, token response IETF [RFC6749]
state authorization request, authorization response IETF [RFC6749]
code authorization response, token request IETF [RFC6749]
error authorization response, token response IETF [RFC6749]
error_description authorization response, token response IETF [RFC6749]
error_uri authorization response, token response IETF [RFC6749]
grant_type token request IETF [RFC6749]
access_token authorization response, token response IETF [RFC6749]
token_type authorization response, token response IETF [RFC6749]
expires_in authorization response, token response IETF [RFC6749]
username token request IETF [RFC6749]
password token request IETF [RFC6749]
refresh_token token request, token response IETF [RFC6749]
nonce authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
display authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
prompt authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
max_age authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
ui_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
claims_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
login_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
acr_values authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
claims authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
registration authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
request_uri authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
id_token authorization response, access token response [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html]
session_state authorization response, access token response [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-session-1_0.html]
assertion token request IESG [RFC7521]
client_assertion token request IESG [RFC7521]
client_assertion_type token request IESG [RFC7521]
code_verifier token request IESG [RFC7636]
code_challenge authorization request IESG [RFC7636]
code_challenge_method authorization request IESG [RFC7636]

OAuth Token Type Hints

Registration Procedure(s)
Specification Required with mandatory two-week mailing list review
Expert(s)
Unassigned
Reference
[RFC7009]
Available Formats

CSV
Hint Value Change Controller Reference
access_token IETF [RFC7009]
refresh_token IETF [RFC7009]

OAuth URI

Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig
Reference
[RFC6755]
Note
Prefix: urn:ietf:params:oauth
    
Available Formats

CSV
URN Common Name Change Controller Reference
urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth 2.0 IESG [RFC7523]
urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client Authentication IESG [RFC7523]
urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 IESG [RFC7522]
urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth 2.0 Client Authentication IESG [RFC7522]
urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519]

OAuth Dynamic Client Registration Metadata

Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591]
Note
See [RFC7591]for mailing list information.
    
Available Formats

CSV
Client Metadata Name Client Metadata Description Change Controller Reference
redirect_uris Array of redirection URIs for use in redirect-based flows IESG [RFC7591]
token_endpoint_auth_method Requested authentication method for the token endpoint IESG [RFC7591]
grant_types Array of OAuth 2.0 grant types that the client may use IESG [RFC7591]
response_types Array of the OAuth 2.0 response types that the client may use IESG [RFC7591]
client_name Human-readable name of the client to be presented to the user IESG [RFC7591]
client_uri URL of a web page providing information about the client IESG [RFC7591]
logo_uri URL that references a logo for the client IESG [RFC7591]
scope Space-separated list of OAuth 2.0 scope values IESG [RFC7591]
contacts Array of strings representing ways to contact people responsible for this client, typically email addresses IESG [RFC7591]
tos_uri URL that points to a human-readable terms of service document for the client IESG [RFC7591]
policy_uri URL that points to a human-readable policy document for the client IESG [RFC7591]
jwks_uri URL referencing the client's JSON Web Key Set [RFC7517] document representing the client's public keys IESG [RFC7591]
jwks Client's JSON Web Key Set [RFC7517] document representing the client's public keys IESG [RFC7591]
software_id Identifier for the software that comprises a client IESG [RFC7591]
software_version Version identifier for the software that comprises a client IESG [RFC7591]
client_id Client identifier IESG [RFC7591]
client_secret Client secret IESG [RFC7591]
client_id_issued_at Time at which the client identifier was issued IESG [RFC7591]
client_secret_expires_at Time at which the client secret will expire IESG [RFC7591]
registration_access_token OAuth 2.0 Bearer Token used to access the client configuration endpoint IESG [RFC7592]
registration_client_uri Fully qualified URI of the client registration endpoint IESG [RFC7592]
application_type Kind of the application -- "native" or "web" [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
sector_identifier_uri URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
subject_type subject_type requested for responses to this Client -- "pairwise" or "public" [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_signed_response_alg JWS alg algorithm REQUIRED for signing the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_encrypted_response_alg JWE alg algorithm REQUIRED for encrypting the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
id_token_encrypted_response_enc JWE enc algorithm REQUIRED for encrypting the ID Token issued to this Client [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_signed_response_alg JWS alg algorithm REQUIRED for signing UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_encrypted_response_alg JWE alg algorithm REQUIRED for encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
userinfo_encrypted_response_enc JWE enc algorithm REQUIRED for encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_signing_alg JWS alg algorithm that MUST be used for signing Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_encryption_alg JWE alg algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_object_encryption_enc JWE enc algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
token_endpoint_auth_signing_alg JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
default_max_age Default Maximum Authentication Age [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
require_auth_time Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
default_acr_values Default requested Authentication Context Class Reference values [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
initiate_login_uri URI using the https scheme that a third party can use to initiate a login by the RP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]
request_uris Array of request_uri values that are pre-registered by the RP for use at the OP [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2]

OAuth Token Endpoint Authentication Methods

Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591]
Note
See [RFC7591]for mailing list information.
    
Available Formats

CSV
Token Endpoint Authentication Method Name Change Controller Reference
none IESG [RFC7591]
client_secret_post IESG [RFC7591]
client_secret_basic IESG [RFC7591]
client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0]
private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0]

PKCE Code Challenge Methods

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC7636]
Available Formats

CSV
Code Challenge Method Parameter Name Change Controller Reference
plain IESG [Section 4.2 of RFC7636]
S256 IESG [Section 4.2 of RFC7636]

OAuth Token Introspection Response

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC7662]
Available Formats

CSV
Name Description Change Controller Reference
active Token active status IESG [RFC7662, Section 2.2]
username User identifier of the resource owner IESG [RFC7662, Section 2.2]
client_id Client identifier of the client IESG [RFC7662, Section 2.2]
scope Authorized scopes of the token IESG [RFC7662, Section 2.2]
token_type Type of the token IESG [RFC7662, Section 2.2]
exp Expiration timestamp of the token IESG [RFC7662, Section 2.2]
iat Issuance timestamp of the token IESG [RFC7662, Section 2.2]
nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2]
sub Subject of the token IESG [RFC7662, Section 2.2]
aud Audience of the token IESG [RFC7662, Section 2.2]
iss Issuer of the token IESG [RFC7662, Section 2.2]
jti Unique identifier of the token IESG [RFC7662, Section 2.2]

People

ID Name Contact URI Last Updated
[OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding Working Group mailto:openid-specs-ab&lists.openid.net 2015-12-03