Internet Assigned Numbers Authority • Domains • Protocols • Numbers • About OAuth Parameters Created 2012-07-27 Last Updated 2025-10-02 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries Included Below • OAuth Access Token Types • OAuth Authorization Endpoint Response Types • OAuth Extensions Error Registry • OAuth Parameters • OAuth Token Type Hints • OAuth URI • OAuth Dynamic Client Registration Metadata • OAuth Token Endpoint Authentication Methods • PKCE Code Challenge Methods • OAuth Token Introspection Response • OAuth Authorization Server Metadata • OAuth Protected Resource Metadata OAuth Access Token Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig, Mike Jones Reference [RFC6749][RFC8414] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC6749]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Name Additional Token Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference Bearer Bearer IETF [RFC6750] N_A IESG [RFC8693, Section 2.2.1] PoP cnf, rs_cnf (see section 3.1 of [RFC8747] and section 3.2 of N/A IETF [RFC9200] [RFC9201]). DPoP DPoP IETF [RFC9449] OAuth Authorization Endpoint Response Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig, Mike Jones Reference [RFC6749] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC6749]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Name Change Controller Reference code IETF [RFC6749] code id_token [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] code id_token token [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] code token [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token token [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] none [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] token IETF [RFC6749] vp_token [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 8] vp_token id_token [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 8] OAuth Extensions Error Registry Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig, Mike Jones Reference [RFC6749] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC6749]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Name Usage Location Protocol Extension Change Controller Reference invalid_request resource access bearer access IETF [RFC6750] error response token type invalid_token resource access bearer access IETF [RFC6750] error response token type insufficient_scope resource access bearer access IETF [RFC6750] error response token type revocation token revocation unsupported_token_type endpoint error endpoint IETF [RFC7009] response authorization [OpenID Connect Core interaction_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core login_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core account_selection_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core consent_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core invalid_request_uri endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core invalid_request_object endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core request_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core request_uri_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] authorization [OpenID Connect Core registration_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_WG] 1.0 incorporating errata set 1] need_info (and its subsidiary authorization [UMA 2.0 Grant for parameters) server response, Kantara UMA [Kantara_UMA_WG] OAuth 2.0, Section token endpoint 3.3.6] authorization [UMA 2.0 Grant for request_denied server response, Kantara UMA [Kantara_UMA_WG] OAuth 2.0, Section token endpoint 3.3.6] request_submitted (and its authorization [UMA 2.0 Grant for subsidiary parameters) server response, Kantara UMA [Kantara_UMA_WG] OAuth 2.0, Section token endpoint 3.3.6] authorization_pending Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response access_denied Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response slow_down Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response expired_token Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response implicit grant invalid_target error response, resource parameter IESG [RFC8707] token error response unsupported_pop_key token error [RFC9200] IETF [RFC9200, Section response 5.8.3] incompatible_ace_profiles token error [RFC9200] IETF [RFC9200, Section response 5.8.3] token endpoint, OAuth 2.0 Rich invalid_authorization_details authorization Authorization IETF [RFC9396, Section 5] endpoint Requests token error Demonstrating invalid_dpop_proof response, Proof of IETF [RFC9449] resource access Possession (DPoP) error response token error Demonstrating use_dpop_nonce response, Proof of IETF [RFC9449] resource access Possession (DPoP) error response resource access OAuth 2.0 Step Up insufficient_user_authentication error response Authentication IETF [RFC9470, Section 3] Challenge Protocol missing_trust_anchor Authorization OpenID Federation [OpenID_Foundation_Artifact_Binding_WG] [Section 12.1.2 of Endpoint OpenID Federation 1.0] validation_failed Authorization OpenID Federation [OpenID_Foundation_Artifact_Binding_WG] [Section 12.1.2 of Endpoint OpenID Federation 1.0] authorization OpenID for [OpenID for Verifiable vp_formats_not_supported endpoint, token Verifiable [OpenID_Foundation_Digital_Credentials_Protocols_WG] Presentations 1.0, endpoint Presentations Section 8.5] authorization OpenID for [OpenID for Verifiable invalid_request_uri_method endpoint Verifiable [OpenID_Foundation_Digital_Credentials_Protocols_WG] Presentations 1.0, Presentations Section 8.5] authorization OpenID for [OpenID for Verifiable wallet_unavailable endpoint, token Verifiable [OpenID_Foundation_Digital_Credentials_Protocols_WG] Presentations 1.0, endpoint Presentations Section 8.5] OAuth Parameters Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig, Mike Jones Reference [RFC6749] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC6749]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Name Parameter Usage Location Change Controller Reference client_id authorization request, token IETF [RFC6749] request client_secret token request IETF [RFC6749] response_type authorization request IETF [RFC6749] redirect_uri authorization request, token IETF [RFC6749] request authorization request, scope authorization response, token IETF [RFC6749] request, token response state authorization request, IETF [RFC6749] authorization response code authorization response, token IETF [RFC6749] request error authorization response, token IETF [RFC6749] response error_description authorization response, token IETF [RFC6749] response error_uri authorization response, token IETF [RFC6749] response grant_type token request IETF [RFC6749] access_token authorization response, token IETF [RFC6749] response token_type authorization response, token IETF [RFC6749] response expires_in authorization response, token IETF [RFC6749] response username token request IETF [RFC6749] password token request IETF [RFC6749] refresh_token token request, token response IETF [RFC6749] nonce authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] display authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] prompt authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] max_age authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] ui_locales authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] claims_locales authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] login_hint authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] acr_values authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] claims authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] registration authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] request authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] request_uri authorization request [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] id_token authorization response, access [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 token response incorporating errata set 1] session_state authorization response, access [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Session Management token response 1.0, Section 2] assertion token request IESG [RFC7521] client_assertion token request IESG [RFC7521] client_assertion_type token request IESG [RFC7521] code_verifier token request IESG [RFC7636] code_challenge authorization request IESG [RFC7636] code_challenge_method authorization request IESG [RFC7636] claim_token client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] pct client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] pct authorization server response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, token endpoint Section 3.3.5] rpt client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] ticket client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] upgraded authorization server response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, token endpoint Section 3.3.5] vtr authorization request, token IESG [RFC8485] request device_code token request IESG [RFC8628, Section 3.1] resource authorization request, token IESG [RFC8707] request audience token request IESG [RFC8693, Section 2.1] requested_token_type token request IESG [RFC8693, Section 2.1] subject_token token request IESG [RFC8693, Section 2.1] subject_token_type token request IESG [RFC8693, Section 2.1] actor_token token request IESG [RFC8693, Section 2.1] actor_token_type token request IESG [RFC8693, Section 2.1] issued_token_type token response IESG [RFC8693, Section 2.2.1] response_mode Authorization Request [OpenID_Foundation_Artifact_Binding_WG] [OAuth 2.0 Multiple Response Type Encoding Practices] nfv_token Access Token Response [ETSI] [ETSI GS NFV-SEC 022 V2.7.1] iss authorization request, IETF [RFC9207, Section authorization response 2][RFC9101][RFC7519, Section 4.1.1] sub authorization request IETF [RFC7519, Section 4.1.2][RFC9101] aud authorization request IETF [RFC7519, Section 4.1.3][RFC9101] exp authorization request IETF [RFC7519, Section 4.1.4][RFC9101] nbf authorization request IETF [RFC7519, Section 4.1.5][RFC9101] iat authorization request IETF [RFC7519, Section 4.1.6][RFC9101] jti authorization request IETF [RFC7519, Section 4.1.7][RFC9101] ace_profile token response IETF [RFC9200, Sections 5.8.2, 5.8.4.3] nonce1 client-rs request IETF [RFC9203] nonce2 rs-client response IETF [RFC9203] ace_client_recipientid client-rs request IETF [RFC9203] ace_server_recipientid rs-client response IETF [RFC9203] req_cnf token request IETF [RFC9201, Section 5] rs_cnf token response IETF [RFC9201, Section 5] cnf token response IETF [RFC9201, Section 5] authorization_details authorization request, token IETF [RFC9396] request, token response dpop_jkt authorization request IETF [RFC9449, Section 10] sign_info client-rs request, rs-client IETF [RFC9594] response kdcchallenge rs-client response IETF [RFC9594] trust_chain authorization request [OpenID_Foundation_Artifact_Binding_WG] [Section 12.1.1.1.2 of OpenID Federation 1.0] dcql_query authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 5.1] client_metadata authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 5.1] request_uri_method authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 5.1] transaction_data authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 5.1] wallet_nonce authorization request, token [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable response Presentations 1.0, Section 5.10] response_uri authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 8.2] vp_token authorization request, token [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable response Presentations 1.0, Section 8.1] verifier_info authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Section 5.1] expected_origins authorization request [OpenID_Foundation_Digital_Credentials_Protocols_WG] [OpenID for Verifiable Presentations 1.0, Appendix A.2] OAuth Token Type Hints Registration Procedure(s) Specification Required Expert(s) Torsten Lodderstedt, Mike Jones Reference [RFC7009] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC7009]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Hint Value Change Controller Reference access_token IETF [RFC7009] refresh_token IETF [RFC7009] pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7] OAuth URI Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig, Mike Jones Reference [RFC6755] Note Prefix: urn:ietf:params:oauth Available Formats [IMG] CSV URN Common Name Change Controller Reference urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth IESG [RFC7523] 2.0 urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client IESG [RFC7523] Authentication urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile IESG [RFC7522] for OAuth 2.0 urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth IESG [RFC7522] 2.0 Client Authentication urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519] urn:ietf:params:oauth:grant-type:device_code Device flow grant type for OAuth 2.0 IESG [RFC8628, Section 3.1] urn:ietf:params:oauth:grant-type:token-exchange Token exchange grant type for OAuth 2.0 IESG [RFC8693, Section 2.1] urn:ietf:params:oauth:token-type:access_token Token type URI for an OAuth 2.0 access token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:refresh_token Token type URI for an OAuth 2.0 refresh token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:id_token Token type URI for an ID Token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:saml1 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3] 1.1 assertion urn:ietf:params:oauth:token-type:saml2 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3] 2.0 assertion urn:ietf:params:oauth:request_uri A URN Sub-Namespace for OAuth Request URIs. IESG [RFC9126, Section 2.2] urn:ietf:params:oauth:jwk-thumbprint JWK Thumbprint URI IESG [RFC9278] urn:ietf:params:oauth:ckt COSE Key Thumbprint URI IETF [RFC9679] OAuth Dynamic Client Registration Metadata Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC7591]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Client Metadata Name Client Metadata Description Change Controller Reference redirect_uris Array of redirection URIs for IESG [RFC7591] use in redirect-based flows token_endpoint_auth_method Requested authentication method IESG [RFC7591] for the token endpoint grant_types Array of OAuth 2.0 grant types IESG [RFC7591] that the client may use response_types Array of the OAuth 2.0 response IESG [RFC7591] types that the client may use Human-readable name of the client_name client to be presented to the IESG [RFC7591] user client_uri URL of a web page providing IESG [RFC7591] information about the client logo_uri URL that references a logo for IESG [RFC7591] the client scope Space-separated list of OAuth IESG [RFC7591] 2.0 scope values Array of strings representing contacts ways to contact people IESG [RFC7591] responsible for this client, typically email addresses URL that points to a tos_uri human-readable terms of service IESG [RFC7591] document for the client URL that points to a policy_uri human-readable policy document IESG [RFC7591] for the client URL referencing the client's jwks_uri JSON Web Key Set [RFC7517] IESG [RFC7591] document representing the client's public keys Client's JSON Web Key Set jwks [RFC7517] document representing IESG [RFC7591] the client's public keys software_id Identifier for the software IESG [RFC7591] that comprises a client Version identifier for the software_version software that comprises a IESG [RFC7591] client client_id Client identifier IESG [RFC7591] client_secret Client secret IESG [RFC7591] client_id_issued_at Time at which the client IESG [RFC7591] identifier was issued client_secret_expires_at Time at which the client secret IESG [RFC7591] will expire OAuth 2.0 Bearer Token used to registration_access_token access the client configuration IESG [RFC7592] endpoint registration_client_uri Fully qualified URI of the IESG [RFC7592] client registration endpoint [OpenID Connect Kind of the application -- Dynamic Client application_type "native" or "web" [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 incorporating errata set 2] URL using the https scheme to [OpenID Connect be used in calculating Dynamic Client sector_identifier_uri Pseudonymous Identifiers by the [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 OP incorporating errata set 2] [OpenID Connect subject_type requested for Dynamic Client subject_type responses to this Client -- [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 "pairwise" or "public" incorporating errata set 2] [OpenID Connect JWS alg algorithm REQUIRED for Dynamic Client id_token_signed_response_alg signing the ID Token issued to [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 this Client incorporating errata set 2] [OpenID Connect JWE alg algorithm REQUIRED for Dynamic Client id_token_encrypted_response_alg encrypting the ID Token issued [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 to this Client incorporating errata set 2] [OpenID Connect JWE enc algorithm REQUIRED for Dynamic Client id_token_encrypted_response_enc encrypting the ID Token issued [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 to this Client incorporating errata set 2] [OpenID Connect JWS alg algorithm REQUIRED for Dynamic Client userinfo_signed_response_alg signing UserInfo Responses [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 incorporating errata set 2] [OpenID Connect JWE alg algorithm REQUIRED for Dynamic Client userinfo_encrypted_response_alg encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 incorporating errata set 2] [OpenID Connect JWE enc algorithm REQUIRED for Dynamic Client userinfo_encrypted_response_enc encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 incorporating errata set 2] [OpenID Connect JWS alg algorithm that MUST be Dynamic Client request_object_signing_alg used for signing Request [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 Objects sent to the OP incorporating errata set 2] JWE alg algorithm the RP is [OpenID Connect declaring that it may use for Dynamic Client request_object_encryption_alg encrypting Request Objects sent [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 to the OP incorporating errata set 2] JWE enc algorithm the RP is [OpenID Connect declaring that it may use for Dynamic Client request_object_encryption_enc encrypting Request Objects sent [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 to the OP incorporating errata set 2] JWS alg algorithm that MUST be used for signing the JWT used [OpenID Connect to authenticate the Client at Dynamic Client token_endpoint_auth_signing_alg the Token Endpoint for the [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 private_key_jwt and incorporating client_secret_jwt errata set 2] authentication methods [OpenID Connect Default Maximum Authentication Dynamic Client default_max_age Age [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 incorporating errata set 2] [OpenID Connect Boolean value specifying Dynamic Client require_auth_time whether the auth_time Claim in [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 the ID Token is REQUIRED incorporating errata set 2] [OpenID Connect Default requested Dynamic Client default_acr_values Authentication Context Class [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 Reference values incorporating errata set 2] [OpenID Connect URI using the https scheme that Dynamic Client initiate_login_uri a third party can use to [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 initiate a login by the RP incorporating errata set 2] [OpenID Connect Array of request_uri values Dynamic Client request_uris that are pre-registered by the [OpenID_Foundation_Artifact_Binding_WG] Registration 1.0 RP for use at the OP incorporating errata set 2] [UMA 2.0 Grant claims_redirect_uris claims redirection endpoints [Kantara_UMA_WG] for OAuth 2.0, Section 2] JWS alg algorithm required for [ETSI GS NFV-SEC nfv_token_signed_response_alg signing the nfv Token issued to [ETSI] 022 V2.7.1] this Client JWE alg algorithm required for [ETSI GS NFV-SEC nfv_token_encrypted_response_alg encrypting the nfv Token issued [ETSI] 022 V2.7.1] to this Client JWE enc algorithm required for [ETSI GS NFV-SEC nfv_token_encrypted_response_enc encrypting the nfv Token issued [ETSI] 022 V2.7.1] to this Client Indicates the client's tls_client_certificate_bound_access_tokens intention to use mutual-TLS [IESG] [RFC8705, client certificate-bound access Section 3.4] tokens. String value specifying the [RFC8705, tls_client_auth_subject_dn expected subject DN of the [IESG] Section 2.1.2] client certificate. String value specifying the [RFC8705, tls_client_auth_san_dns expected dNSName SAN entry in [IESG] Section 2.1.2] the client certificate. String value specifying the expected [RFC8705, tls_client_auth_san_uri uniformResourceIdentifier SAN [IESG] Section 2.1.2] entry in the client certificate. String value specifying the [RFC8705, tls_client_auth_san_ip expected iPAddress SAN entry in [IESG] Section 2.1.2] the client certificate. String value specifying the [RFC8705, tls_client_auth_san_email expected rfc822Name SAN entry [IESG] Section 2.1.2] in the client certificate. Indicates where authorization request needs to be protected [RFC9101, require_signed_request_object as Request Object and provided [IETF] Section 10.5] through either request or request_uri parameter. Indicates whether the client is [RFC9126, require_pushed_authorization_requests required to use PAR to initiate [IESG] Section 6] authorization requests. String value indicating the [RFC9701, introspection_signed_response_alg client’s desired introspection [IETF] Section 6] response signing algorithm String value specifying the introspection_encrypted_response_alg desired introspection response [IETF] [RFC9701, content key encryption Section 6] algorithm (alg value) String value specifying the introspection_encrypted_response_enc desired introspection response [IETF] [RFC9701, content encryption algorithm Section 6] (enc value) RP URL that will cause the RP [OpenID Connect frontchannel_logout_uri to log itself out when rendered [OpenID_Foundation_Artifact_Binding_WG] Front-Channel in an iframe by the OP Logout 1.0, Section 2] Boolean value specifying whether the RP requires that a [OpenID Connect sid (session ID) query Front-Channel frontchannel_logout_session_required parameter be included to [OpenID_Foundation_Artifact_Binding_WG] Logout 1.0, identify the RP session with Section 2] the OP when the frontchannel_logout_uri is used RP URL that will cause the RP [OpenID Connect backchannel_logout_uri to log itself out when sent a [OpenID_Foundation_Artifact_Binding_WG] Back-Channel Logout Token by the OP Logout 1.0, Section 2.2] Boolean value specifying whether the RP requires that a [OpenID Connect sid (session ID) Claim be Back-Channel backchannel_logout_session_required included in the Logout Token to [OpenID_Foundation_Artifact_Binding_WG] Logout 1.0, identify the RP session with Section 2.2] the OP when the backchannel_logout_uri is used Array of URLs supplied by the RP to which it MAY request that [OpenID Connect the End-User's User Agent be RP-Initiated post_logout_redirect_uris redirected using the [OpenID_Foundation_Artifact_Binding_WG] Logout 1.0, post_logout_redirect_uri Section 3.1] parameter after a logout has been performed authorization_details_types Indicates what authorization [IETF] [RFC9396, details types the client uses. Section 10] Boolean value specifying [RFC9449, dpop_bound_access_tokens whether the client always uses [IETF] Section 5.2] DPoP for token requests An array of strings specifying [Section 5.1.2 client_registration_types the client registration types [OpenID_Foundation_Artifact_Binding_WG] of OpenID the RP wants to use Federation 1.0] URL referencing a signed JWT [Section 5.2.1 signed_jwks_uri having the client's JWK Set [OpenID_Foundation_Artifact_Binding_WG] of OpenID document as its payload Federation 1.0] Human-readable name [Section 5.2.2 organization_name representing the organization [OpenID_Foundation_Artifact_Binding_WG] of OpenID owning this client Federation 1.0] URL of a Web page for the [Section 5.2.2 homepage_uri organization owning this client [OpenID_Foundation_Artifact_Binding_WG] of OpenID Federation 1.0] [Section URL of a Web page for the 5.2.2.1.1 of use_mtls_endpoint_aliases organization owning this client [OpenID_Foundation_FAPI_WG] FAPI 2.0 Security Profile] Non-empty array of strings, [Section 5.1 of where each string is a JWE OpenID for encrypted_response_enc_values_supported [RFC7516] enc algorithm that [OpenID_Foundation_Digital_Credentials_Protocols_WG] Verifiable can be used as the content Presentations encryption algorithm for 1.0] encrypting the Response An object containing a list of [Section 11.1 of name/value pairs, where the OpenID for vp_formats_supported name is a string identifying a [OpenID_Foundation_Digital_Credentials_Protocols_WG] Verifiable Credential format supported by Presentations the Verifier 1.0] OAuth Token Endpoint Authentication Methods Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591][RFC8414] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC7591]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Token Endpoint Authentication Method Name Change Controller Reference none IESG [RFC7591] client_secret_post IESG [RFC7591] client_secret_basic IESG [RFC7591] client_secret_jwt [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] private_key_jwt [OpenID_Foundation_Artifact_Binding_WG] [OpenID Connect Core 1.0 incorporating errata set 1] tls_client_auth IESG [RFC8705, Section 2.1.1] self_signed_tls_client_auth IESG [RFC8705, Section 2.2.1] PKCE Code Challenge Methods Registration Procedure(s) Specification Required Expert(s) John Bradley, Mike Jones Reference [RFC7636] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC7636]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Code Challenge Method Parameter Name Change Controller Reference plain IESG [Section 4.2 of RFC7636] S256 IESG [Section 4.2 of RFC7636] OAuth Token Introspection Response Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7662] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC7662]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Name Description Change Controller Reference active Token active status IESG [RFC7662, Section 2.2] username User identifier of the resource owner IESG [RFC7662, Section 2.2] client_id Client identifier of the client IESG [RFC7662, Section 2.2] scope Authorized scopes of the token IESG [RFC7662, Section 2.2] token_type Type of the token IESG [RFC7662, Section 2.2] exp Expiration timestamp of the token IESG [RFC7662, Section 2.2] iat Issuance timestamp of the token IESG [RFC7662, Section 2.2] nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2] sub Subject of the token IESG [RFC7662, Section 2.2] aud Audience of the token IESG [RFC7662, Section 2.2] iss Issuer of the token IESG [RFC7662, Section 2.2] jti Unique identifier of the token IESG [RFC7662, Section 2.2] permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, permission for a resource Section 5.1.1] vot Vector of Trust value IESG [RFC8485] vtm Vector of Trust trustmark URL IESG [RFC8485] act Actor IESG [RFC8693, Section 4.1] may_act Authorized Actor - the party that is authorized to become the IESG [RFC8693, Section 4.4] actor cnf Confirmation IESG [RFC7800][RFC8705] ace_profile The ACE profile used between the client and RS. IETF [RFC9200, Section 5.9.2] "client-nonce". A nonce previously provided to the AS by the RS cnonce via the client. Used to verify token freshness when the RS cannot IETF [RFC9200, Section 5.9.2] synchronize its clock with the AS. cti "CWT ID". The identifier of a CWT as defined in [RFC8392]. IETF [RFC9200, Section 5.9.2] "Expires in". Lifetime of the token in seconds from the time the exi RS first sees it. Used to implement a weaker form of token IETF [RFC9200, Section 5.9.2] expiration for devices that cannot synchronize their internal clocks. The member authorization_details contains a JSON array of JSON authorization_details objects representing the rights of the access token. Each JSON IETF [RFC9396, Section 9.2] object contains the data to specify the authorization requirements for a certain type of resource. acr Authentication Context Class Reference IETF [RFC9470, Section 6.2] auth_time Time when the user authentication occurred IETF [RFC9470, Section 6.2] OAuth Authorization Server Metadata Registration Procedure(s) Specification Required Expert(s) Mike Jones, Nat Sakimura, John Bradley, Dick Hardt Reference [RFC8414] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC8414]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Metadata Name Metadata Description Change Controller Reference Authorization [RFC8414, Section issuer server's issuer IESG 2] identifier URL URL of the authorization [RFC8414, Section authorization_endpoint server's IESG 2] authorization endpoint URL of the token_endpoint authorization IESG [RFC8414, Section server's token 2] endpoint URL of the jwks_uri authorization IESG [RFC8414, Section server's JWK Set 2] document URL of the authorization [RFC8414, Section registration_endpoint server's OAuth 2.0 IESG 2] Dynamic Client Registration Endpoint JSON array containing a list of the OAuth scopes_supported 2.0 "scope" values IESG [RFC8414, Section that this 2] authorization server supports JSON array containing a list of the OAuth response_types_supported 2.0 "response_type" IESG [RFC8414, Section values that this 2] authorization server supports JSON array containing a list of the OAuth response_modes_supported 2.0 "response_mode" IESG [RFC8414, Section values that this 2] authorization server supports JSON array containing a list of the OAuth grant_types_supported 2.0 grant type values IESG [RFC8414, Section that this 2] authorization server supports JSON array containing a list of client [RFC8414, Section token_endpoint_auth_methods_supported authentication IESG 2] methods supported by this token endpoint JSON array containing a list of the JWS signing algorithms supported by the token_endpoint_auth_signing_alg_values_supported token endpoint for IESG [RFC8414, Section the signature on the 2] JWT used to authenticate the client at the token endpoint URL of a page containing human-readable service_documentation information that IESG [RFC8414, Section developers might want 2] or need to know when using the authorization server Languages and scripts supported for the user interface, [RFC8414, Section ui_locales_supported represented as a JSON IESG 2] array of language tag values from BCP 47 [RFC5646] URL that the authorization server provides to the person registering the client to read op_policy_uri about the IESG [RFC8414, Section authorization 2] server's requirements on how the client can use the data provided by the authorization server URL that the authorization server provides to the person registering [RFC8414, Section op_tos_uri the client to read IESG 2] about the authorization server's terms of service URL of the revocation_endpoint authorization IESG [RFC8414, Section server's OAuth 2.0 2] revocation endpoint JSON array containing a list of client revocation_endpoint_auth_methods_supported authentication IESG [RFC8414, Section methods supported by 2] this revocation endpoint JSON array containing a list of the JWS signing algorithms supported by the revocation_endpoint_auth_signing_alg_values_supported revocation endpoint IESG [RFC8414, Section for the signature on 2] the JWT used to authenticate the client at the revocation endpoint URL of the authorization [RFC8414, Section introspection_endpoint server's OAuth 2.0 IESG 2] introspection endpoint JSON array containing a list of client introspection_endpoint_auth_methods_supported authentication IESG [RFC8414, Section methods supported by 2] this introspection endpoint JSON array containing a list of the JWS signing algorithms supported by the introspection [RFC8414, Section introspection_endpoint_auth_signing_alg_values_supported endpoint for the IESG 2] signature on the JWT used to authenticate the client at the introspection endpoint PKCE code challenge code_challenge_methods_supported methods supported by IESG [RFC8414, Section this authorization 2] server Signed JWT containing signed_metadata metadata values about IESG [RFC8414, Section the authorization 2.1] server as claims URL of the authorization [RFC8628, Section device_authorization_endpoint server's device IESG 4] authorization endpoint Indicates authorization server tls_client_certificate_bound_access_tokens support for IESG [RFC8705, Section mutual-TLS client 3.3] certificate-bound access tokens. JSON object containing alternative authorization server mtls_endpoint_aliases endpoints, which a IESG [RFC8705, Section client intending to 5] do mutual TLS will use in preference to the conventional endpoints. JSON array containing a list of the JWS signing algorithms [ETSI GS NFV-SEC nfv_token_signing_alg_values_supported supported by the [ETSI] 022 V2.7.1] server for signing the JWT used as NFV Token JSON array containing a list of the JWE encryption algorithms [ETSI GS NFV-SEC nfv_token_encryption_alg_values_supported (alg values) [ETSI] 022 V2.7.1] supported by the server to encode the JWT used as NFV Token JSON array containing a list of the JWE encryption algorithms [ETSI GS NFV-SEC nfv_token_encryption_enc_values_supported (enc values) [ETSI] 022 V2.7.1] supported by the server to encode the JWT used as NFV Token URL of the OP's [OpenID Connect userinfo_endpoint UserInfo Endpoint [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, Section 3] JSON array containing a list of the [OpenID Connect acr_values_supported Authentication [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, Context Class Section 3] References that this OP supports JSON array containing [OpenID Connect subject_types_supported a list of the Subject [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, Identifier types that Section 3] this OP supports JSON array containing a list of the JWS [OpenID Connect id_token_signing_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for the ID Token JSON array containing a list of the JWE [OpenID Connect id_token_encryption_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for the ID Token JSON array containing a list of the JWE [OpenID Connect id_token_encryption_enc_values_supported "enc" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for the ID Token JSON array containing a list of the JWS [OpenID Connect userinfo_signing_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the Section 3] UserInfo Endpoint JSON array containing a list of the JWE [OpenID Connect userinfo_encryption_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the Section 3] UserInfo Endpoint JSON array containing a list of the JWE [OpenID Connect userinfo_encryption_enc_values_supported "enc" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the Section 3] UserInfo Endpoint JSON array containing a list of the JWS [OpenID Connect request_object_signing_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for Request Objects JSON array containing a list of the JWE [OpenID Connect request_object_encryption_alg_values_supported "alg" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for Request Objects JSON array containing a list of the JWE [OpenID Connect request_object_encryption_enc_values_supported "enc" values [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, supported by the OP Section 3] for Request Objects JSON array containing a list of the [OpenID Connect display_values_supported "display" parameter [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, values that the Section 3] OpenID Provider supports JSON array containing [OpenID Connect claim_types_supported a list of the Claim [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, Types that the OpenID Section 3] Provider supports JSON array containing a list of the Claim [OpenID Connect claims_supported Names of the Claims [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, that the OpenID Section 3] Provider MAY be able to supply values for Languages and scripts supported for values in Claims being [OpenID Connect claims_locales_supported returned, represented [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, as a JSON array of Section 3] BCP 47 [RFC5646] language tag values Boolean value specifying whether [OpenID Connect claims_parameter_supported the OP supports use [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, of the "claims" Section 3] parameter Boolean value specifying whether [OpenID Connect request_parameter_supported the OP supports use [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, of the "request" Section 3] parameter Boolean value specifying whether [OpenID Connect request_uri_parameter_supported the OP supports use [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, of the "request_uri" Section 3] parameter Boolean value specifying whether [OpenID Connect require_request_uri_registration the OP requires any [OpenID_Foundation_Artifact_Binding_WG] Discovery 1.0, "request_uri" values Section 3] used to be pre-registered Indicates where authorization request needs to be protected require_signed_request_object as Request Object and IETF [RFC9101, Section provided through 10.5] either request or request_uri parameter. URL of the authorization [RFC9126, Section pushed_authorization_request_endpoint server's pushed IESG 5] authorization request endpoint Indicates whether the authorization server [RFC9126, Section require_pushed_authorization_requests accepts authorization IESG 5] requests only via PAR. JSON array containing a list of algorithms introspection_signing_alg_values_supported supported by the IETF [RFC9701, Section authorization server 7] for introspection response signing JSON array containing a list of algorithms supported by the introspection_encryption_alg_values_supported authorization server IETF [RFC9701, Section for introspection 7] response content key encryption (alg value) JSON array containing a list of algorithms supported by the introspection_encryption_enc_values_supported authorization server IETF [RFC9701, Section for introspection 7] response content encryption (enc value) Boolean value indicating whether the authorization [RFC9207, Section authorization_response_iss_parameter_supported server provides the IETF 3] iss parameter in the authorization response. URL of an OP iframe that supports cross-origin [OpenID Connect check_session_iframe communications for [OpenID_Foundation_Artifact_Binding_WG] Session Management session state 1.0, Section 3.3] information with the RP Client, using the HTML5 postMessage API Boolean value specifying whether [OpenID Connect frontchannel_logout_supported the OP supports [OpenID_Foundation_Artifact_Binding_WG] Front-Channel HTTP-based logout, Logout 1.0, with true indicating Section 3] support Boolean value specifying whether [OpenID Connect backchannel_logout_supported the OP supports [OpenID_Foundation_Artifact_Binding_WG] Back-Channel back-channel logout, Logout 1.0, with true indicating Section 2] support Boolean value specifying whether [OpenID Connect the OP can pass a sid Back-Channel backchannel_logout_session_supported (session ID) Claim in [OpenID_Foundation_Artifact_Binding_WG] Logout 1.0, the Logout Token to Section 2] identify the RP session with the OP URL at the OP to which an RP can [OpenID Connect end_session_endpoint perform a redirect to [OpenID_Foundation_Artifact_Binding_WG] RP-Initiated request that the Logout 1.0, End-User be logged Section 2.1] out at the OP [OpenID Connect Supported CIBA Client-Initiated backchannel_token_delivery_modes_supported authentication result [OpenID_Foundation_MODRNA_WG] Backchannel delivery modes Authentication Flow - Core 1.0, Section 4] [OpenID Connect CIBA Backchannel Client-Initiated backchannel_authentication_endpoint Authentication [OpenID_Foundation_MODRNA_WG] Backchannel Endpoint Authentication Flow - Core 1.0, Section 4] JSON array containing [OpenID Connect a list of the JWS Client-Initiated signing algorithms Backchannel backchannel_authentication_request_signing_alg_values_supported supported for [OpenID_Foundation_MODRNA_WG] Authentication validation of signed Flow - Core 1.0, CIBA authentication Section 4] requests [OpenID Connect Indicates whether the Client-Initiated backchannel_user_code_parameter_supported OP supports the use [OpenID_Foundation_MODRNA_WG] Backchannel of the CIBA user_code Authentication parameter. Flow - Core 1.0, Section 4] JSON array containing authorization_details_types_supported the authorization IETF [RFC9396, Section details types the AS 10] supports JSON array containing dpop_signing_alg_values_supported a list of the JWS IETF [RFC9449, Section algorithms supported 5.1] for DPoP proof JWTs Client Registration [Section 5.1.3 of client_registration_types_supported Types Supported [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation 1.0] Federation [Section 5.1.3 of federation_registration_endpoint Registration Endpoint [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation 1.0] Authentication [Section 5.1.3 of request_authentication_methods_supported request [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation authentication 1.0] methods supported JSON array containing the JWS signing algorithms supported [Section 5.1.3 of request_authentication_signing_alg_values_supported for the signature on [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation the JWT used to 1.0] authenticate the request URL referencing a signed JWT having [Section 5.2.1 of signed_jwks_uri this authorization [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation server's JWK Set 1.0] document as its payload JSON Web Key Set [Section 5.2.1 of jwks document, passed by [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation value 1.0] Human-readable name representing the [Section 5.2.2 of organization_name organization owning [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation this authorization 1.0] server Array of strings representing ways to contact people [Section 5.2.2 of contacts responsible for this [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation authorization server, 1.0] typically email addresses URL that references a logo for the [Section 5.2.2 of logo_uri organization owning [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation this authorization 1.0] server URL of a Web page for [Section 5.2.2 of homepage_uri the organization [OpenID_Foundation_Artifact_Binding_WG] OpenID Federation owning this 1.0] authorization server JSON array containing protected_resources a list of resource IETF [RFC9728, Section identifiers for OAuth 4] protected resources OAuth Protected Resource Metadata Registration Procedure(s) Specification Required Expert(s) Michael Jones, Dick Hardt Reference [RFC9728] Note Registration requests should be sent to [oauth-ext-review@ietf.org], as described in [RFC9728]. If approved, designated experts should notify IANA within two weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list. Available Formats [IMG] CSV Metadata Name Metadata Description Change Controller Reference resource Protected resource's resource identifier URL IETF [RFC9728, Section 2] authorization_servers JSON array containing a list of OAuth authorization server IETF [RFC9728, Section 2] issuer identifiers jwks_uri URL of the protected resource's JWK Set document IETF [RFC9728, Section 2] JSON array containing a list of the OAuth 2.0 scope values scopes_supported that are used in authorization requests to request access to IETF [RFC9728, Section 2] this protected resource bearer_methods_supported JSON array containing a list of the OAuth 2.0 bearer token IETF [RFC9728, Section 2] presentation methods that this protected resource supports JSON array containing a list of the JWS signing algorithms resource_signing_alg_values_supported (alg values) supported by the protected resource for signed IETF [RFC9728, Section 2] content resource_name Human-readable name of the protected resource IETF [RFC9728, Section 2] URL of a page containing human-readable information that resource_documentation developers might want or need to know when using the IETF [RFC9728, Section 2] protected resource URL of a page containing human-readable information about resource_policy_uri the protected resource's requirements on how the client can IETF [RFC9728, Section 2] use the data provided by the protected resource resource_tos_uri URL of a page containing human-readable information about IETF [RFC9728, Section 2] the protected resource's terms of service tls_client_certificate_bound_access_tokens Boolean value indicating protected resource support for IETF [RFC9728, Section 2] mutual-TLS client certificate-bound access tokens JSON array containing a list of the authorization details authorization_details_types_supported type values supported by the resource server when the IETF [RFC9728, Section 2] authorization_details request parameter is used dpop_signing_alg_values_supported JSON array containing a list of the JWS alg values supported IETF [RFC9728, Section 2] by the resource server for validating DPoP proof JWTs dpop_bound_access_tokens_required Boolean value specifying whether the protected resource IETF [RFC9728, Section 2] always requires the use of DPoP-bound access tokens signed_metadata Signed JWT containing metadata parameters about the IETF [RFC9728, Section 2.2] protected resource as claims Contact Information ID Name Contact URI Last Updated [ETSI] ETSI mailto:pnns&etsi.org 2019-07-22 Internet [IESG] Engineering mailto:iesg&ietf.org Steering Group Internet [IETF] Engineering mailto:ietf&ietf.org Task Force Kantara Initiative [Kantara_UMA_WG] User-Managed mailto:staff&kantarainitiative.org 2018-04-23 Access Work Group OpenID Foundation [OpenID_Foundation_Artifact_Binding_WG] Artifact mailto:openid-specs-ab&lists.openid.net 2022-09-23 Binding Working Group OpenID Foundation [OpenID_Foundation_Digital_Credentials_Protocols_WG] Digital mailto:openid-specs-digital-credentials-protocols&lists.openid.net 2025-10-03 Credentials Protocols Working Group OpenID [OpenID_Foundation_FAPI_WG] Foundation mailto:openid-specs-fapi&lists.openid.net 2025-04-28 FAPI Working Group OpenID [OpenID_Foundation_MODRNA_WG] Foundation mailto:openid-specs-mobile-profile&lists.openid.net 2022-12-01 MODRNA Working Group Licensing Terms