OAuth Parameters Created 2012-07-27 Last Updated 2017-06-30 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * OAuth Access Token Types * OAuth Authorization Endpoint Response Types * OAuth Extensions Error Registry * OAuth Parameters * OAuth Token Type Hints * OAuth URI * OAuth Dynamic Client Registration Metadata * OAuth Token Endpoint Authentication Methods * PKCE Code Challenge Methods * OAuth Token Introspection Response OAuth Access Token Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Name Additional Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference Bearer Bearer IETF [RFC6750] OAuth Authorization Endpoint Response Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Name Change Controller Reference code IETF [RFC6749] code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] code token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] none [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] token IETF [RFC6749] OAuth Extensions Error Registry Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Name Usage Protocol Change Controller Reference Location Extension resource bearer invalid_request access error access IETF [RFC6750] response token type resource bearer invalid_token access error access IETF [RFC6750] response token type resource bearer insufficient_scope access error access IETF [RFC6750] response token type revocation token unsupported_token_type endpoint revocation IETF [RFC7009] error endpoint response interaction_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect login_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect session_selection_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect consent_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect invalid_request_uri authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect invalid_request_object authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect request_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect request_uri_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect registration_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect OAuth Parameters Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Parameter Name Usage Change Controller Reference Location authorization client_id request, IETF [RFC6749] token request client_secret token request IETF [RFC6749] response_type authorization IETF [RFC6749] request authorization redirect_uri request, IETF [RFC6749] token request authorization request, authorization scope response, IETF [RFC6749] token request, token response authorization state request, IETF [RFC6749] authorization response authorization code response, IETF [RFC6749] token request authorization error response, IETF [RFC6749] token response authorization error_description response, IETF [RFC6749] token response authorization error_uri response, IETF [RFC6749] token response grant_type token request IETF [RFC6749] authorization access_token response, IETF [RFC6749] token response authorization token_type response, IETF [RFC6749] token response authorization expires_in response, IETF [RFC6749] token response username token request IETF [RFC6749] password token request IETF [RFC6749] token refresh_token request, IETF [RFC6749] token response nonce authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request display authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request prompt authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request max_age authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request ui_locales authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request claims_locales authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request id_token_hint authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request login_hint authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request acr_values authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request claims authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request registration authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request request authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request request_uri authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request authorization id_token response, [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] access token response authorization session_state response, [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-session-1_0.html] access token response assertion token request IESG [RFC7521] client_assertion token request IESG [RFC7521] client_assertion_type token request IESG [RFC7521] code_verifier token request IESG [RFC7636] code_challenge authorization IESG [RFC7636] request code_challenge_method authorization IESG [RFC7636] request OAuth Token Type Hints Registration Procedure(s) Specification Required with mandatory two-week mailing list review Expert(s) Unassigned Reference [RFC7009] Available Formats [IMG] CSV Hint Value Change Controller Reference access_token IETF [RFC7009] refresh_token IETF [RFC7009] OAuth URI Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6755] Note Prefix: urn:ietf:params:oauth Available Formats [IMG] CSV URN Common Name Change Controller Reference urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth 2.0 IESG [RFC7523] urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client IESG [RFC7523] Authentication urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 IESG [RFC7522] urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth 2.0 Client IESG [RFC7522] Authentication urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519] OAuth Dynamic Client Registration Metadata Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note See [RFC7591]for mailing list information. Available Formats [IMG] CSV Client Metadata Name Client Metadata Description Change Controller Reference redirect_uris Array of redirection URIs for use in IESG [RFC7591] redirect-based flows token_endpoint_auth_method Requested authentication method for IESG [RFC7591] the token endpoint grant_types Array of OAuth 2.0 grant types that IESG [RFC7591] the client may use response_types Array of the OAuth 2.0 response IESG [RFC7591] types that the client may use client_name Human-readable name of the client to IESG [RFC7591] be presented to the user client_uri URL of a web page providing IESG [RFC7591] information about the client logo_uri URL that references a logo for the IESG [RFC7591] client scope Space-separated list of OAuth 2.0 IESG [RFC7591] scope values Array of strings representing ways contacts to contact people responsible for IESG [RFC7591] this client, typically email addresses URL that points to a human-readable tos_uri terms of service document for the IESG [RFC7591] client policy_uri URL that points to a human-readable IESG [RFC7591] policy document for the client URL referencing the client's JSON jwks_uri Web Key Set [RFC7517] document IESG [RFC7591] representing the client's public keys Client's JSON Web Key Set [RFC7517] jwks document representing the client's IESG [RFC7591] public keys software_id Identifier for the software that IESG [RFC7591] comprises a client software_version Version identifier for the software IESG [RFC7591] that comprises a client client_id Client identifier IESG [RFC7591] client_secret Client secret IESG [RFC7591] client_id_issued_at Time at which the client identifier IESG [RFC7591] was issued client_secret_expires_at Time at which the client secret will IESG [RFC7591] expire OAuth 2.0 Bearer Token used to registration_access_token access the client configuration IESG [RFC7592] endpoint registration_client_uri Fully qualified URI of the client IESG [RFC7592] registration endpoint [OpenID Connect Dynamic application_type Kind of the application -- "native" [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 or "web" incorporating errata set 2] URL using the https scheme to be [OpenID Connect Dynamic sector_identifier_uri used in calculating Pseudonymous [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Identifiers by the OP incorporating errata set 2] subject_type requested for responses [OpenID Connect Dynamic subject_type to this Client -- "pairwise" or [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 "public" incorporating errata set 2] JWS alg algorithm REQUIRED for [OpenID Connect Dynamic id_token_signed_response_alg signing the ID Token issued to this [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Client incorporating errata set 2] JWE alg algorithm REQUIRED for [OpenID Connect Dynamic id_token_encrypted_response_alg encrypting the ID Token issued to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 this Client incorporating errata set 2] JWE enc algorithm REQUIRED for [OpenID Connect Dynamic id_token_encrypted_response_enc encrypting the ID Token issued to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 this Client incorporating errata set 2] [OpenID Connect Dynamic userinfo_signed_response_alg JWS alg algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 signing UserInfo Responses incorporating errata set 2] [OpenID Connect Dynamic userinfo_encrypted_response_alg JWE alg algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting UserInfo Responses incorporating errata set 2] [OpenID Connect Dynamic userinfo_encrypted_response_enc JWE enc algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting UserInfo Responses incorporating errata set 2] JWS alg algorithm that MUST be used [OpenID Connect Dynamic request_object_signing_alg for signing Request Objects sent to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the OP incorporating errata set 2] JWE alg algorithm the RP is [OpenID Connect Dynamic request_object_encryption_alg declaring that it may use for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting Request Objects sent to incorporating errata set the OP 2] JWE enc algorithm the RP is [OpenID Connect Dynamic request_object_encryption_enc declaring that it may use for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting Request Objects sent to incorporating errata set the OP 2] JWS alg algorithm that MUST be used for signing the JWT used to [OpenID Connect Dynamic token_endpoint_auth_signing_alg authenticate the Client at the Token [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Endpoint for the private_key_jwt and incorporating errata set client_secret_jwt authentication 2] methods [OpenID Connect Dynamic default_max_age Default Maximum Authentication Age [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 incorporating errata set 2] Boolean value specifying whether the [OpenID Connect Dynamic require_auth_time auth_time Claim in the ID Token is [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 REQUIRED incorporating errata set 2] [OpenID Connect Dynamic default_acr_values Default requested Authentication [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Context Class Reference values incorporating errata set 2] URI using the https scheme that a [OpenID Connect Dynamic initiate_login_uri third party can use to initiate a [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 login by the RP incorporating errata set 2] Array of request_uri values that are [OpenID Connect Dynamic request_uris pre-registered by the RP for use at [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the OP incorporating errata set 2] OAuth Token Endpoint Authentication Methods Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note See [RFC7591]for mailing list information. Available Formats [IMG] CSV Token Endpoint Authentication Method Name Change Controller Reference none IESG [RFC7591] client_secret_post IESG [RFC7591] client_secret_basic IESG [RFC7591] client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0] private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0] PKCE Code Challenge Methods Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC7636] Available Formats [IMG] CSV Code Challenge Method Parameter Name Change Controller Reference plain IESG [Section 4.2 of RFC7636] S256 IESG [Section 4.2 of RFC7636] OAuth Token Introspection Response Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7662] Available Formats [IMG] CSV Name Description Change Controller Reference active Token active status IESG [RFC7662, Section 2.2] username User identifier of the resource owner IESG [RFC7662, Section 2.2] client_id Client identifier of the client IESG [RFC7662, Section 2.2] scope Authorized scopes of the token IESG [RFC7662, Section 2.2] token_type Type of the token IESG [RFC7662, Section 2.2] exp Expiration timestamp of the token IESG [RFC7662, Section 2.2] iat Issuance timestamp of the token IESG [RFC7662, Section 2.2] nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2] sub Subject of the token IESG [RFC7662, Section 2.2] aud Audience of the token IESG [RFC7662, Section 2.2] iss Issuer of the token IESG [RFC7662, Section 2.2] jti Unique identifier of the token IESG [RFC7662, Section 2.2] permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, Section permission for a resource 5.1.1] People ID Name Contact URI Last Updated [Kantara_UMA_WG] Kantara Initiative User-Managed Access mailto:staff&kantarainitiative.org 2017-06-29 Work Group [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding mailto:openid-specs-ab&lists.openid.net 2015-12-03 Working Group