Authentication and Authorization for Constrained Environments (ACE)

Created: 2021-07-27
Last Updated: 2023-07-19

ACE Authorization Server Request Creation Hints

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Key | Value Type |
|---|---|---|
| Reserved for Private Use | less than -65536 | |
| AS | 1 | text string |
| kid | 2 | byte string |
| audience | 5 | text string |
| scope | 9 | text or byte string |
| cnonce | 39 | byte string |

OAuth Error Code CBOR Mappings

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Value | Original Specification |
|---|---|---|
| Reserved for Private Use | less than -65536 | |
| invalid_request | 1 | RFC 6749, Section 5.2 |
| invalid_client | 2 | RFC 6749, Section 5.2 |
| invalid_grant | 3 | RFC 6749, Section 5.2 |
| unauthorized_client | 4 | RFC 6749, Section 5.2 |
| unsupported_grant_type | 5 | RFC 6749, Section 5.2 |
| invalid_scope | 6 | RFC 6749, Section 5.2 |
| unsupported_pop_key | 7 | |
| incompatible_ace_profiles | 8 | |

OAuth Grant Type CBOR Mappings

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Value | Original Specification |
|---|---|---|
| Reserved for Private Use | less than -65536 | |
| password | 0 | RFC 6749, Section 4.3.2 |
| authorization_code | 1 | RFC 6749, Section 4.1.3 |
| client_credentials | 2 | RFC 6749, Section 4.4.2 |
| refresh_token | 3 | RFC 6749, Section 6 |

OAuth Access Token Type CBOR Mappings

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Value |
|---|---|
| Reserved for Private Use | less than -65536 |
| Bearer | 1 |
| PoP | 2 |

ACE Profiles

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | Description | CBOR Value |
|---|---|---|
| Reserved for Private Use | | less than -65536 |
| coap_dtls | Profile for delegating client Authentication and Authorization for Constrained Environments by establishing a Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) channel between resource-constrained nodes. | 1 |
| coap_oscore | Profile for using OSCORE to secure communication between constrained nodes using the Authentication and Authorization for Constrained Environments framework. | 2 |
| mqtt_tls | Profile for delegating Client authentication and authorization using MQTT for the Client and Broker (RS) interactions and HTTP for the AS interactions. TLS is used for confidentiality and integrity protection and server authentication. Client authentication can be provided either via TLS or using in-band PoP validation at the MQTT application layer. | 3 |

OAuth Parameters CBOR Mappings

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Key | Value Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | | |
| access_token | 1 | byte string | |
| expires_in | 2 | unsigned integer | |
| req_cnf | 4 | map | RFC9201, Section 3.1 |
| audience | 5 | text string | |
| cnf | 8 | map | RFC9201, Section 3.2 |
| scope | 9 | text or byte string | |
| client_id | 24 | text string | |
| client_secret | 25 | byte string | |
| response_type | 26 | text string | |
| redirect_uri | 27 | text string | |
| state | 28 | text string | |
| code | 29 | byte string | |
| error | 30 | integer | |
| error_description | 31 | text string | |
| error_uri | 32 | text string | |
| grant_type | 33 | unsigned integer | |
| token_type | 34 | integer | |
| username | 35 | text string | |
| password | 36 | text string | |
| refresh_token | 37 | byte string | |
| ace_profile | 38 | integer | |
| cnonce | 39 | byte string | |
| nonce1 | 40 | bstr | |
| rs_cnf | 41 | map | RFC9201, Section 3.2 |
| nonce2 | 42 | bstr | |
| ace_client_recipientid | 43 | bstr | |
| ace_server_recipientid | 44 | bstr | |

OAuth Token Introspection Response CBOR Mappings

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Key | Value Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | | |
| iss | 1 | text string | |
| sub | 2 | text string | |
| aud | 3 | text string | |
| exp | 4 | integer or floating-point number | |
| nbf | 5 | integer or floating-point number | |
| iat | 6 | integer or floating-point number | |
| cti | 7 | byte string | |
| cnf | 8 | map | RFC9201, Section 4 |
| scope | 9 | text or byte string | |
| active | 10 | True or False | |
| token | 11 | byte string | |
| client_id | 24 | text string | |
| error | 30 | integer | |
| error_description | 31 | text string | |
| error_uri | 32 | text string | |
| token_type_hint | 33 | text string | |
| token_type | 34 | integer | |
| username | 35 | text string | |
| ace_profile | 38 | integer | |
| cnonce | 39 | byte string | |
| exi | 40 | unsigned integer | |

OSCORE Security Context Parameters

| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |

Expert(s): Göran Selander, Cigdem Sengul

| Name | CBOR Type | Registry | Description |
|---|---|---|---|
| Reserved for Private Use | | | |
| id | byte string | | OSCORE Input Material Identifier |
| version | unsigned integer | | OSCORE Version |
| ms | byte string | | OSCORE Master Secret value |
| hkdf | text string / integer | COSE Algorithms Values (HMAC-based) | OSCORE HKDF value |
| alg | text string / integer | COSE Algorithms Values (AEAD) | OSCORE AEAD Algorithm value |
| salt | byte string | | an input to OSCORE Master Salt value |
| contextId | byte string | | OSCORE ID Context value |