OAuth Parameters Created 2012-07-27 Last Updated 2019-09-13 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * OAuth Access Token Types * OAuth Authorization Endpoint Response Types * OAuth Extensions Error Registry * OAuth Parameters * OAuth Token Type Hints * OAuth URI * OAuth Dynamic Client Registration Metadata * OAuth Token Endpoint Authentication Methods * PKCE Code Challenge Methods * OAuth Token Introspection Response * OAuth Authorization Server Metadata OAuth Access Token Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749][RFC8414] Note Registration requests should be sent to the mailing list described in [RFC8414]. Available Formats [IMG] CSV Name Additional Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference Bearer Bearer IETF [RFC6750] N_A IESG [RFC-ietf-oauth-token-exchange-19, Section 2.2.1] OAuth Authorization Endpoint Response Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Change Controller Reference code IETF [RFC6749] code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] code token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] none [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] token IETF [RFC6749] OAuth Extensions Error Registry Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Usage Location Protocol Change Controller Reference Extension resource bearer invalid_request access error access IETF [RFC6750] response token type resource bearer invalid_token access error access IETF [RFC6750] response token type resource bearer insufficient_scope access error access IETF [RFC6750] response token type revocation token unsupported_token_type endpoint error revocation IETF [RFC7009] response endpoint interaction_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] login_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] session_selection_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] consent_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] invalid_request_uri authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] invalid_request_object authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] request_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] request_uri_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] registration_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating endpoint Connect errata set 1] authorization need_info (and its server Kantara [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section subsidiary parameters) response, UMA 3.3.6] token endpoint authorization request_denied server Kantara [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section response, UMA 3.3.6] token endpoint authorization request_submitted (and its server Kantara [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section subsidiary parameters) response, UMA 3.3.6] token endpoint authorization_pending Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response access_denied Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response slow_down Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response expired_token Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response implicit grant error resource invalid_target response, parameter IESG [RFC-ietf-oauth-resource-indicators-08] token error response OAuth Parameters Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Parameter Usage Location Change Controller Reference client_id authorization request, IETF [RFC6749] token request client_secret token request IETF [RFC6749] response_type authorization request IETF [RFC6749] redirect_uri authorization request, IETF [RFC6749] token request authorization request, scope authorization response, IETF [RFC6749] token request, token response state authorization request, IETF [RFC6749] authorization response code authorization response, IETF [RFC6749] token request error authorization response, IETF [RFC6749] token response error_description authorization response, IETF [RFC6749] token response error_uri authorization response, IETF [RFC6749] token response grant_type token request IETF [RFC6749] access_token authorization response, IETF [RFC6749] token response token_type authorization response, IETF [RFC6749] token response expires_in authorization response, IETF [RFC6749] token response username token request IETF [RFC6749] password token request IETF [RFC6749] refresh_token token request, token IETF [RFC6749] response nonce authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] display authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] prompt authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] max_age authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] ui_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] claims_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] login_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] acr_values authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] claims authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] registration authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] request authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] request_uri authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] id_token authorization response, [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata access token response set 1] session_state authorization response, [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Session Management 1.0] access token response assertion token request IESG [RFC7521] client_assertion token request IESG [RFC7521] client_assertion_type token request IESG [RFC7521] code_verifier token request IESG [RFC7636] code_challenge authorization request IESG [RFC7636] code_challenge_method authorization request IESG [RFC7636] claim_token client request, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] endpoint pct client request, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] endpoint pct authorization server [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5] response, token endpoint rpt client request, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] endpoint ticket client request, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] endpoint upgraded authorization server [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5] response, token endpoint vtr authorization request, IESG [RFC8485] token request device_code token request IESG [RFC8628, Section 3.1] resource authorization request, IESG [RFC-ietf-oauth-resource-indicators-08] token request audience token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] requested_token_type token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] subject_token token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] subject_token_type token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] actor_token token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] actor_token_type token request IESG [RFC-ietf-oauth-token-exchange-19, Section 2.1] issued_token_type token response IESG [RFC-ietf-oauth-token-exchange-19, Section 2.2.1] response_mode Authorization Request [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] OAuth Token Type Hints Registration Procedure(s) Specification Required Expert(s) Torsten Lodderstedt Reference [RFC7009] Note Registration requests must be sent to the mailing list described in [RFC7009]. Available Formats [IMG] CSV Hint Value Change Controller Reference access_token IETF [RFC7009] refresh_token IETF [RFC7009] pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7] OAuth URI Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6755] Note Prefix: urn:ietf:params:oauth Available Formats [IMG] CSV URN Common Name Change Reference Controller urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type IESG [RFC7523] Profile for OAuth 2.0 urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for IESG [RFC7523] OAuth 2.0 Client Authentication urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant IESG [RFC7522] Type Profile for OAuth 2.0 SAML 2.0 Bearer Assertion Profile urn:ietf:params:oauth:client-assertion-type:saml2-bearer for OAuth 2.0 Client IESG [RFC7522] Authentication urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519] urn:ietf:params:oauth:grant-type:device_code Device flow grant type for OAuth IESG [RFC8628, Section 3.1] 2.0 urn:ietf:params:oauth:grant-type:token-exchange Token exchange grant type for IESG [RFC-ietf-oauth-token-exchange-19, Section OAuth 2.0 2.1] urn:ietf:params:oauth:token-type:access_token Token type URI for an OAuth 2.0 IESG [RFC-ietf-oauth-token-exchange-19, Section access token 3] urn:ietf:params:oauth:token-type:refresh_token Token type URI for an OAuth 2.0 IESG [RFC-ietf-oauth-token-exchange-19, Section refresh token 3] urn:ietf:params:oauth:token-type:id_token Token type URI for an ID Token IESG [RFC-ietf-oauth-token-exchange-19, Section 3] Token type URI for a [RFC-ietf-oauth-token-exchange-19, Section urn:ietf:params:oauth:token-type:saml1 base64url-encoded SAML 1.1 IESG 3] assertion Token type URI for a [RFC-ietf-oauth-token-exchange-19, Section urn:ietf:params:oauth:token-type:saml2 base64url-encoded SAML 2.0 IESG 3] assertion OAuth Dynamic Client Registration Metadata Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note Registration requests should be sent to the mailing list described in [RFC7591]. Available Formats [IMG] CSV Client Metadata Name Client Metadata Change Controller Reference Description Array of redirection URIs redirect_uris for use in redirect-based IESG [RFC7591] flows Requested authentication token_endpoint_auth_method method for the token IESG [RFC7591] endpoint Array of OAuth 2.0 grant grant_types types that the client may IESG [RFC7591] use Array of the OAuth 2.0 response_types response types that the IESG [RFC7591] client may use Human-readable name of client_name the client to be IESG [RFC7591] presented to the user URL of a web page client_uri providing information IESG [RFC7591] about the client logo_uri URL that references a IESG [RFC7591] logo for the client scope Space-separated list of IESG [RFC7591] OAuth 2.0 scope values Array of strings representing ways to contacts contact people IESG [RFC7591] responsible for this client, typically email addresses URL that points to a tos_uri human-readable terms of IESG [RFC7591] service document for the client URL that points to a policy_uri human-readable policy IESG [RFC7591] document for the client URL referencing the client's JSON Web Key Set jwks_uri [RFC7517] document IESG [RFC7591] representing the client's public keys Client's JSON Web Key Set jwks [RFC7517] document IESG [RFC7591] representing the client's public keys Identifier for the software_id software that comprises a IESG [RFC7591] client Version identifier for software_version the software that IESG [RFC7591] comprises a client client_id Client identifier IESG [RFC7591] client_secret Client secret IESG [RFC7591] client_id_issued_at Time at which the client IESG [RFC7591] identifier was issued client_secret_expires_at Time at which the client IESG [RFC7591] secret will expire OAuth 2.0 Bearer Token registration_access_token used to access the client IESG [RFC7592] configuration endpoint Fully qualified URI of registration_client_uri the client registration IESG [RFC7592] endpoint [OpenID Connect Dynamic application_type Kind of the application [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 -- "native" or "web" incorporating errata set 2] URL using the https [OpenID Connect Dynamic sector_identifier_uri scheme to be used in [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 calculating Pseudonymous incorporating errata set Identifiers by the OP 2] subject_type requested [OpenID Connect Dynamic subject_type for responses to this [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Client -- "pairwise" or incorporating errata set "public" 2] JWS alg algorithm [OpenID Connect Dynamic id_token_signed_response_alg REQUIRED for signing the [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 ID Token issued to this incorporating errata set Client 2] JWE alg algorithm [OpenID Connect Dynamic id_token_encrypted_response_alg REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the ID Token issued to incorporating errata set this Client 2] JWE enc algorithm [OpenID Connect Dynamic id_token_encrypted_response_enc REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the ID Token issued to incorporating errata set this Client 2] JWS alg algorithm [OpenID Connect Dynamic userinfo_signed_response_alg REQUIRED for signing [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 UserInfo Responses incorporating errata set 2] JWE alg algorithm [OpenID Connect Dynamic userinfo_encrypted_response_alg REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 UserInfo Responses incorporating errata set 2] JWE enc algorithm [OpenID Connect Dynamic userinfo_encrypted_response_enc REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 UserInfo Responses incorporating errata set 2] JWS alg algorithm that [OpenID Connect Dynamic request_object_signing_alg MUST be used for signing [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Request Objects sent to incorporating errata set the OP 2] JWE alg algorithm the RP [OpenID Connect Dynamic is declaring that it may Client Registration 1.0 request_object_encryption_alg use for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set Request Objects sent to 2] the OP JWE enc algorithm the RP [OpenID Connect Dynamic is declaring that it may Client Registration 1.0 request_object_encryption_enc use for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set Request Objects sent to 2] the OP JWS alg algorithm that MUST be used for signing the JWT used to [OpenID Connect Dynamic token_endpoint_auth_signing_alg authenticate the Client [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 at the Token Endpoint for incorporating errata set the private_key_jwt and 2] client_secret_jwt authentication methods [OpenID Connect Dynamic default_max_age Default Maximum [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Authentication Age incorporating errata set 2] Boolean value specifying [OpenID Connect Dynamic require_auth_time whether the auth_time [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Claim in the ID Token is incorporating errata set REQUIRED 2] Default requested [OpenID Connect Dynamic default_acr_values Authentication Context [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Class Reference values incorporating errata set 2] URI using the https [OpenID Connect Dynamic initiate_login_uri scheme that a third party [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 can use to initiate a incorporating errata set login by the RP 2] Array of request_uri [OpenID Connect Dynamic request_uris values that are [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 pre-registered by the RP incorporating errata set for use at the OP 2] claims_redirect_uris claims redirection [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth endpoints 2.0, Section 2] JWS alg algorithm [NFV Release 2: Access nfv_token_signed_response_alg required for signing the [ETSI] Token specification for nfv Token issued to this API Access] Client JWE alg algorithm [NFV Release 2: Access nfv_token_encrypted_response_alg required for encrypting [ETSI] Token specification for the nfv Token issued to API Access] this Client JWE enc algorithm [NFV Release 2: Access nfv_token_encrypted_response_enc required for encrypting [ETSI] Token specification for the nfv Token issued to API Access] this Client Indicates the client's intention to use [RFC-ietf-oauth-mtls-17, tls_client_certificate_bound_access_tokens mutual-TLS client [IESG] Section 3.4] certificate-bound access tokens. String value specifying tls_client_auth_subject_dn the expected subject DN [IESG] [RFC-ietf-oauth-mtls-17, of the client Section 2.1.2] certificate. String value specifying tls_client_auth_san_dns the expected dNSName SAN [IESG] [RFC-ietf-oauth-mtls-17, entry in the client Section 2.1.2] certificate. String value specifying the expected [RFC-ietf-oauth-mtls-17, tls_client_auth_san_uri uniformResourceIdentifier [IESG] Section 2.1.2] SAN entry in the client certificate. String value specifying tls_client_auth_san_ip the expected iPAddress [IESG] [RFC-ietf-oauth-mtls-17, SAN entry in the client Section 2.1.2] certificate. String value specifying tls_client_auth_san_email the expected rfc822Name [IESG] [RFC-ietf-oauth-mtls-17, SAN entry in the client Section 2.1.2] certificate. OAuth Token Endpoint Authentication Methods Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591][RFC8414] Note Registration requests should be sent to the mailing list described in [RFC7591]. Available Formats [IMG] CSV Token Endpoint Authentication Method Name Change Controller Reference none IESG [RFC7591] client_secret_post IESG [RFC7591] client_secret_basic IESG [RFC7591] client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] tls_client_auth IESG [RFC-ietf-oauth-mtls-17, Section 2.1.1] self_signed_tls_client_auth IESG [RFC-ietf-oauth-mtls-17, Section 2.2.1] PKCE Code Challenge Methods Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC7636] Note Registration requests should be sent to the mailing list described in [RFC7636]. Available Formats [IMG] CSV Code Challenge Method Parameter Name Change Controller Reference plain IESG [Section 4.2 of RFC7636] S256 IESG [Section 4.2 of RFC7636] OAuth Token Introspection Response Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7662] Note Registration requests should be sent to the mailing list described in [RFC7662]. Available Formats [IMG] CSV Name Description Change Controller Reference active Token active status IESG [RFC7662, Section 2.2] username User identifier of the resource owner IESG [RFC7662, Section 2.2] client_id Client identifier of the client IESG [RFC7662, Section 2.2] scope Authorized scopes of the token IESG [RFC7662, Section 2.2] token_type Type of the token IESG [RFC7662, Section 2.2] exp Expiration timestamp of the token IESG [RFC7662, Section 2.2] iat Issuance timestamp of the token IESG [RFC7662, Section 2.2] nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2] sub Subject of the token IESG [RFC7662, Section 2.2] aud Audience of the token IESG [RFC7662, Section 2.2] iss Issuer of the token IESG [RFC7662, Section 2.2] jti Unique identifier of the token IESG [RFC7662, Section 2.2] permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, Section 5.1.1] permission for a resource vot Vector of Trust value IESG [RFC8485] vtm Vector of Trust trustmark URL IESG [RFC8485] act Actor IESG [RFC-ietf-oauth-token-exchange-19, Section 4.1] may_act Authorized Actor - the party that is authorized to become the IESG [RFC-ietf-oauth-token-exchange-19, Section 4.4] actor cnf Confirmation IESG [RFC7800][RFC-ietf-oauth-mtls-17] OAuth Authorization Server Metadata Registration Procedure(s) Specification Required Expert(s) Michael Jones, Nat Sakimura, John Bradley Reference [RFC8414] Note Registration requests should be sent to the mailing list described in [RFC8414]. Available Formats [IMG] CSV Metadata Name Metadata Description Change Controller Reference issuer Authorization server's issuer identifier URL IESG [RFC8414, Section 2] authorization_endpoint URL of the authorization server's IESG [RFC8414, Section 2] authorization endpoint token_endpoint URL of the authorization server's token IESG [RFC8414, Section 2] endpoint jwks_uri URL of the authorization server's JWK Set IESG [RFC8414, Section 2] document registration_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] Dynamic Client Registration Endpoint JSON array containing a list of the OAuth scopes_supported 2.0 "scope" values that this authorization IESG [RFC8414, Section 2] server supports JSON array containing a list of the OAuth response_types_supported 2.0 "response_type" values that this IESG [RFC8414, Section 2] authorization server supports JSON array containing a list of the OAuth response_modes_supported 2.0 "response_mode" values that this IESG [RFC8414, Section 2] authorization server supports JSON array containing a list of the OAuth grant_types_supported 2.0 grant type values that this IESG [RFC8414, Section 2] authorization server supports JSON array containing a list of client token_endpoint_auth_methods_supported authentication methods supported by this IESG [RFC8414, Section 2] token endpoint JSON array containing a list of the JWS signing algorithms supported by the token token_endpoint_auth_signing_alg_values_supported endpoint for the signature on the JWT used IESG [RFC8414, Section 2] to authenticate the client at the token endpoint URL of a page containing human-readable service_documentation information that developers might want or IESG [RFC8414, Section 2] need to know when using the authorization server Languages and scripts supported for the user ui_locales_supported interface, represented as a JSON array of IESG [RFC8414, Section 2] language tag values from [BCP47] URL that the authorization server provides to the person registering the client to read op_policy_uri about the authorization server's IESG [RFC8414, Section 2] requirements on how the client can use the data provided by the authorization server URL that the authorization server provides op_tos_uri to the person registering the client to read IESG [RFC8414, Section 2] about the authorization server's terms of service revocation_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] revocation endpoint JSON array containing a list of client revocation_endpoint_auth_methods_supported authentication methods supported by this IESG [RFC8414, Section 2] revocation endpoint JSON array containing a list of the JWS signing algorithms supported by the revocation_endpoint_auth_signing_alg_values_supported revocation endpoint for the signature on the IESG [RFC8414, Section 2] JWT used to authenticate the client at the revocation endpoint introspection_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] introspection endpoint JSON array containing a list of client introspection_endpoint_auth_methods_supported authentication methods supported by this IESG [RFC8414, Section 2] introspection endpoint JSON array containing a list of the JWS signing algorithms supported by the introspection_endpoint_auth_signing_alg_values_supported introspection endpoint for the signature on IESG [RFC8414, Section 2] the JWT used to authenticate the client at the introspection endpoint code_challenge_methods_supported PKCE code challenge methods supported by IESG [RFC8414, Section 2] this authorization server signed_metadata Signed JWT containing metadata values about IESG [RFC8414, Section 2.1] the authorization server as claims device_authorization_endpoint URL of the authorization server's device IESG [RFC8628, Section 4] authorization endpoint Indicates authorization server support for [RFC-ietf-oauth-mtls-17, tls_client_certificate_bound_access_tokens mutual-TLS client certificate-bound access IESG Section 3.3] tokens. JSON object containing alternative mtls_endpoint_aliases authorization server endpoints, which a IESG [RFC-ietf-oauth-mtls-17, client intending to do mutual TLS will use Section 5] in preference to the conventional endpoints. People ID Name Contact URI Last Updated [ETSI] ETSI mailto:pnns&etsi.org 2019-07-22 [Kantara_UMA_WG] Kantara Initiative User-Managed Access mailto:staff&kantarainitiative.org 2018-04-23 Work Group [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding mailto:openid-specs-ab&lists.openid.net 2015-12-03 Working Group