OAuth Parameters Created 2012-07-27 Last Updated 2020-05-12 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * OAuth Access Token Types * OAuth Authorization Endpoint Response Types * OAuth Extensions Error Registry * OAuth Parameters * OAuth Token Type Hints * OAuth URI * OAuth Dynamic Client Registration Metadata * OAuth Token Endpoint Authentication Methods * PKCE Code Challenge Methods * OAuth Token Introspection Response * OAuth Authorization Server Metadata OAuth Access Token Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749][RFC8414] Note Registration requests should be sent to the mailing list described in [RFC8414]. Available Formats [IMG] CSV Name Additional Token Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference Bearer Bearer IETF [RFC6750] N_A IESG [RFC8693, Section 2.2.1] OAuth Authorization Endpoint Response Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Change Controller Reference code IETF [RFC6749] code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] code token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] none [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] token IETF [RFC6749] OAuth Extensions Error Registry Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Usage Location Protocol Change Controller Reference Extension invalid_request resource access error bearer access IETF [RFC6750] response token type invalid_token resource access error bearer access IETF [RFC6750] response token type insufficient_scope resource access error bearer access IETF [RFC6750] response token type revocation endpoint token unsupported_token_type error response revocation IETF [RFC7009] endpoint authorization [OpenID Connect Core 1.0 interaction_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 login_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 session_selection_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 consent_required endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 invalid_request_uri endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 invalid_request_object endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 request_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 request_uri_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] authorization [OpenID Connect Core 1.0 registration_not_supported endpoint OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] incorporating errata set 1] need_info (and its subsidiary authorization server [UMA 2.0 Grant for OAuth parameters) response, token Kantara UMA [Kantara_UMA_WG] 2.0, Section 3.3.6] endpoint authorization server [UMA 2.0 Grant for OAuth request_denied response, token Kantara UMA [Kantara_UMA_WG] 2.0, Section 3.3.6] endpoint request_submitted (and its authorization server [UMA 2.0 Grant for OAuth subsidiary parameters) response, token Kantara UMA [Kantara_UMA_WG] 2.0, Section 3.3.6] endpoint authorization_pending Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response access_denied Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response slow_down Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response expired_token Token endpoint [RFC8628] IETF [RFC8628, Section 3.5] response implicit grant error resource invalid_target response, token error parameter IESG [RFC8707] response OAuth Parameters Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Note Registration requests should be sent to the mailing list described in [RFC6749]. Available Formats [IMG] CSV Name Parameter Usage Location Change Controller Reference client_id authorization request, token request IETF [RFC6749] client_secret token request IETF [RFC6749] response_type authorization request IETF [RFC6749] redirect_uri authorization request, token request IETF [RFC6749] scope authorization request, authorization IETF [RFC6749] response, token request, token response state authorization request, authorization IETF [RFC6749] response code authorization response, token request IETF [RFC6749] error authorization response, token response IETF [RFC6749] error_description authorization response, token response IETF [RFC6749] error_uri authorization response, token response IETF [RFC6749] grant_type token request IETF [RFC6749] access_token authorization response, token response IETF [RFC6749] token_type authorization response, token response IETF [RFC6749] expires_in authorization response, token response IETF [RFC6749] username token request IETF [RFC6749] password token request IETF [RFC6749] refresh_token token request, token response IETF [RFC6749] nonce authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] display authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] prompt authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] max_age authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] ui_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] claims_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] login_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] acr_values authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] claims authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] registration authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] request authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] request_uri authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] id_token authorization response, access token [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 response incorporating errata set 1] session_state authorization response, access token [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Session response Management 1.0] assertion token request IESG [RFC7521] client_assertion token request IESG [RFC7521] client_assertion_type token request IESG [RFC7521] code_verifier token request IESG [RFC7636] code_challenge authorization request IESG [RFC7636] code_challenge_method authorization request IESG [RFC7636] claim_token client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] pct client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] pct authorization server response, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, endpoint Section 3.3.5] rpt client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] ticket client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] upgraded authorization server response, token [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, endpoint Section 3.3.5] vtr authorization request, token request IESG [RFC8485] device_code token request IESG [RFC8628, Section 3.1] resource authorization request, token request IESG [RFC8707] audience token request IESG [RFC8693, Section 2.1] requested_token_type token request IESG [RFC8693, Section 2.1] subject_token token request IESG [RFC8693, Section 2.1] subject_token_type token request IESG [RFC8693, Section 2.1] actor_token token request IESG [RFC8693, Section 2.1] actor_token_type token request IESG [RFC8693, Section 2.1] issued_token_type token response IESG [RFC8693, Section 2.2.1] response_mode Authorization Request [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices] nfv_token Access Token Response [ETSI] [ETSI GS NFV-SEC 022 V2.7.1] OAuth Token Type Hints Registration Procedure(s) Specification Required Expert(s) Torsten Lodderstedt Reference [RFC7009] Note Registration requests must be sent to the mailing list described in [RFC7009]. Available Formats [IMG] CSV Hint Value Change Controller Reference access_token IETF [RFC7009] refresh_token IETF [RFC7009] pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7] OAuth URI Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6755] Note Prefix: urn:ietf:params:oauth Available Formats [IMG] CSV URN Common Name Change Controller Reference urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth IESG [RFC7523] 2.0 urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client IESG [RFC7523] Authentication urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile IESG [RFC7522] for OAuth 2.0 urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth IESG [RFC7522] 2.0 Client Authentication urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519] urn:ietf:params:oauth:grant-type:device_code Device flow grant type for OAuth 2.0 IESG [RFC8628, Section 3.1] urn:ietf:params:oauth:grant-type:token-exchange Token exchange grant type for OAuth 2.0 IESG [RFC8693, Section 2.1] urn:ietf:params:oauth:token-type:access_token Token type URI for an OAuth 2.0 access token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:refresh_token Token type URI for an OAuth 2.0 refresh token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:id_token Token type URI for an ID Token IESG [RFC8693, Section 3] urn:ietf:params:oauth:token-type:saml1 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3] 1.1 assertion urn:ietf:params:oauth:token-type:saml2 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3] 2.0 assertion OAuth Dynamic Client Registration Metadata Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note Registration requests should be sent to the mailing list described in [RFC7591]. Available Formats [IMG] CSV Client Metadata Name Client Metadata Description Change Controller Reference redirect_uris Array of redirection URIs for IESG [RFC7591] use in redirect-based flows token_endpoint_auth_method Requested authentication method IESG [RFC7591] for the token endpoint grant_types Array of OAuth 2.0 grant types IESG [RFC7591] that the client may use response_types Array of the OAuth 2.0 response IESG [RFC7591] types that the client may use Human-readable name of the client_name client to be presented to the IESG [RFC7591] user client_uri URL of a web page providing IESG [RFC7591] information about the client logo_uri URL that references a logo for IESG [RFC7591] the client scope Space-separated list of OAuth IESG [RFC7591] 2.0 scope values Array of strings representing contacts ways to contact people IESG [RFC7591] responsible for this client, typically email addresses URL that points to a tos_uri human-readable terms of service IESG [RFC7591] document for the client URL that points to a policy_uri human-readable policy document IESG [RFC7591] for the client URL referencing the client's jwks_uri JSON Web Key Set [RFC7517] IESG [RFC7591] document representing the client's public keys Client's JSON Web Key Set jwks [RFC7517] document representing IESG [RFC7591] the client's public keys software_id Identifier for the software that IESG [RFC7591] comprises a client software_version Version identifier for the IESG [RFC7591] software that comprises a client client_id Client identifier IESG [RFC7591] client_secret Client secret IESG [RFC7591] client_id_issued_at Time at which the client IESG [RFC7591] identifier was issued client_secret_expires_at Time at which the client secret IESG [RFC7591] will expire OAuth 2.0 Bearer Token used to registration_access_token access the client configuration IESG [RFC7592] endpoint registration_client_uri Fully qualified URI of the IESG [RFC7592] client registration endpoint [OpenID Connect Kind of the application -- Dynamic Client application_type "native" or "web" [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect URL using the https scheme to be Dynamic Client sector_identifier_uri used in calculating Pseudonymous [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 Identifiers by the OP incorporating errata set 2] [OpenID Connect subject_type requested for Dynamic Client subject_type responses to this Client -- [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 "pairwise" or "public" incorporating errata set 2] [OpenID Connect JWS alg algorithm REQUIRED for Dynamic Client id_token_signed_response_alg signing the ID Token issued to [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 this Client incorporating errata set 2] [OpenID Connect JWE alg algorithm REQUIRED for Dynamic Client id_token_encrypted_response_alg encrypting the ID Token issued [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 to this Client incorporating errata set 2] [OpenID Connect JWE enc algorithm REQUIRED for Dynamic Client id_token_encrypted_response_enc encrypting the ID Token issued [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 to this Client incorporating errata set 2] [OpenID Connect JWS alg algorithm REQUIRED for Dynamic Client userinfo_signed_response_alg signing UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect JWE alg algorithm REQUIRED for Dynamic Client userinfo_encrypted_response_alg encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect JWE enc algorithm REQUIRED for Dynamic Client userinfo_encrypted_response_enc encrypting UserInfo Responses [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect JWS alg algorithm that MUST be Dynamic Client request_object_signing_alg used for signing Request Objects [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 sent to the OP incorporating errata set 2] JWE alg algorithm the RP is [OpenID Connect declaring that it may use for Dynamic Client request_object_encryption_alg encrypting Request Objects sent [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 to the OP incorporating errata set 2] JWE enc algorithm the RP is [OpenID Connect declaring that it may use for Dynamic Client request_object_encryption_enc encrypting Request Objects sent [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 to the OP incorporating errata set 2] JWS alg algorithm that MUST be used for signing the JWT used to [OpenID Connect authenticate the Client at the Dynamic Client token_endpoint_auth_signing_alg Token Endpoint for the [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 private_key_jwt and incorporating client_secret_jwt authentication errata set 2] methods [OpenID Connect Default Maximum Authentication Dynamic Client default_max_age Age [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect Boolean value specifying whether Dynamic Client require_auth_time the auth_time Claim in the ID [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 Token is REQUIRED incorporating errata set 2] [OpenID Connect Default requested Authentication Dynamic Client default_acr_values Context Class Reference values [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 incorporating errata set 2] [OpenID Connect URI using the https scheme that Dynamic Client initiate_login_uri a third party can use to [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 initiate a login by the RP incorporating errata set 2] [OpenID Connect Array of request_uri values that Dynamic Client request_uris are pre-registered by the RP for [OpenID_Foundation_Artifact_Binding_Working_Group] Registration 1.0 use at the OP incorporating errata set 2] [UMA 2.0 Grant claims_redirect_uris claims redirection endpoints [Kantara_UMA_WG] for OAuth 2.0, Section 2] JWS alg algorithm required for [ETSI GS NFV-SEC nfv_token_signed_response_alg signing the nfv Token issued to [ETSI] 022 V2.7.1] this Client JWE alg algorithm required for [ETSI GS NFV-SEC nfv_token_encrypted_response_alg encrypting the nfv Token issued [ETSI] 022 V2.7.1] to this Client JWE enc algorithm required for [ETSI GS NFV-SEC nfv_token_encrypted_response_enc encrypting the nfv Token issued [ETSI] 022 V2.7.1] to this Client Indicates the client's intention [RFC8705, Section tls_client_certificate_bound_access_tokens to use mutual-TLS client [IESG] 3.4] certificate-bound access tokens. String value specifying the [RFC8705, Section tls_client_auth_subject_dn expected subject DN of the [IESG] 2.1.2] client certificate. String value specifying the [RFC8705, Section tls_client_auth_san_dns expected dNSName SAN entry in [IESG] 2.1.2] the client certificate. String value specifying the tls_client_auth_san_uri expected [IESG] [RFC8705, Section uniformResourceIdentifier SAN 2.1.2] entry in the client certificate. String value specifying the [RFC8705, Section tls_client_auth_san_ip expected iPAddress SAN entry in [IESG] 2.1.2] the client certificate. String value specifying the [RFC8705, Section tls_client_auth_san_email expected rfc822Name SAN entry in [IESG] 2.1.2] the client certificate. OAuth Token Endpoint Authentication Methods Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591][RFC8414] Note Registration requests should be sent to the mailing list described in [RFC7591]. Available Formats [IMG] CSV Token Endpoint Authentication Method Name Change Controller Reference none IESG [RFC7591] client_secret_post IESG [RFC7591] client_secret_basic IESG [RFC7591] client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set 1] tls_client_auth IESG [RFC8705, Section 2.1.1] self_signed_tls_client_auth IESG [RFC8705, Section 2.2.1] PKCE Code Challenge Methods Registration Procedure(s) Specification Required Expert(s) John Bradley, Mike Jones Reference [RFC7636] Note Registration requests should be sent to the mailing list described in [RFC7636]. Available Formats [IMG] CSV Code Challenge Method Parameter Name Change Controller Reference plain IESG [Section 4.2 of RFC7636] S256 IESG [Section 4.2 of RFC7636] OAuth Token Introspection Response Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7662] Note Registration requests should be sent to the mailing list described in [RFC7662]. Available Formats [IMG] CSV Name Description Change Controller Reference active Token active status IESG [RFC7662, Section 2.2] username User identifier of the resource owner IESG [RFC7662, Section 2.2] client_id Client identifier of the client IESG [RFC7662, Section 2.2] scope Authorized scopes of the token IESG [RFC7662, Section 2.2] token_type Type of the token IESG [RFC7662, Section 2.2] exp Expiration timestamp of the token IESG [RFC7662, Section 2.2] iat Issuance timestamp of the token IESG [RFC7662, Section 2.2] nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2] sub Subject of the token IESG [RFC7662, Section 2.2] aud Audience of the token IESG [RFC7662, Section 2.2] iss Issuer of the token IESG [RFC7662, Section 2.2] jti Unique identifier of the token IESG [RFC7662, Section 2.2] permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, Section 5.1.1] permission for a resource vot Vector of Trust value IESG [RFC8485] vtm Vector of Trust trustmark URL IESG [RFC8485] act Actor IESG [RFC8693, Section 4.1] may_act Authorized Actor - the party that is authorized to become the IESG [RFC8693, Section 4.4] actor cnf Confirmation IESG [RFC7800][RFC8705] OAuth Authorization Server Metadata Registration Procedure(s) Specification Required Expert(s) Michael Jones, Nat Sakimura, John Bradley Reference [RFC8414] Note Registration requests should be sent to the mailing list described in [RFC8414]. Available Formats [IMG] CSV Metadata Name Metadata Description Change Controller Reference issuer Authorization server's IESG [RFC8414, issuer identifier URL Section 2] URL of the authorization [RFC8414, authorization_endpoint server's authorization IESG Section 2] endpoint token_endpoint URL of the authorization IESG [RFC8414, server's token endpoint Section 2] URL of the authorization [RFC8414, jwks_uri server's JWK Set IESG Section 2] document URL of the authorization registration_endpoint server's OAuth 2.0 IESG [RFC8414, Dynamic Client Section 2] Registration Endpoint JSON array containing a list of the OAuth 2.0 [RFC8414, scopes_supported "scope" values that this IESG Section 2] authorization server supports JSON array containing a list of the OAuth 2.0 [RFC8414, response_types_supported "response_type" values IESG Section 2] that this authorization server supports JSON array containing a list of the OAuth 2.0 [RFC8414, response_modes_supported "response_mode" values IESG Section 2] that this authorization server supports JSON array containing a list of the OAuth 2.0 [RFC8414, grant_types_supported grant type values that IESG Section 2] this authorization server supports JSON array containing a list of client [RFC8414, token_endpoint_auth_methods_supported authentication methods IESG Section 2] supported by this token endpoint JSON array containing a list of the JWS signing algorithms supported by token_endpoint_auth_signing_alg_values_supported the token endpoint for IESG [RFC8414, the signature on the JWT Section 2] used to authenticate the client at the token endpoint URL of a page containing human-readable service_documentation information that IESG [RFC8414, developers might want or Section 2] need to know when using the authorization server Languages and scripts supported for the user ui_locales_supported interface, represented IESG [RFC8414, as a JSON array of Section 2] language tag values from [BCP47] URL that the authorization server provides to the person registering the client op_policy_uri to read about the IESG [RFC8414, authorization server's Section 2] requirements on how the client can use the data provided by the authorization server URL that the authorization server provides to the person [RFC8414, op_tos_uri registering the client IESG Section 2] to read about the authorization server's terms of service URL of the authorization [RFC8414, revocation_endpoint server's OAuth 2.0 IESG Section 2] revocation endpoint JSON array containing a list of client [RFC8414, revocation_endpoint_auth_methods_supported authentication methods IESG Section 2] supported by this revocation endpoint JSON array containing a list of the JWS signing algorithms supported by revocation_endpoint_auth_signing_alg_values_supported the revocation endpoint IESG [RFC8414, for the signature on the Section 2] JWT used to authenticate the client at the revocation endpoint URL of the authorization [RFC8414, introspection_endpoint server's OAuth 2.0 IESG Section 2] introspection endpoint JSON array containing a list of client [RFC8414, introspection_endpoint_auth_methods_supported authentication methods IESG Section 2] supported by this introspection endpoint JSON array containing a list of the JWS signing algorithms supported by the introspection [RFC8414, introspection_endpoint_auth_signing_alg_values_supported endpoint for the IESG Section 2] signature on the JWT used to authenticate the client at the introspection endpoint PKCE code challenge code_challenge_methods_supported methods supported by IESG [RFC8414, this authorization Section 2] server Signed JWT containing [RFC8414, signed_metadata metadata values about IESG Section the authorization server 2.1] as claims URL of the authorization [RFC8628, device_authorization_endpoint server's device IESG Section 4] authorization endpoint Indicates authorization server support for [RFC8705, tls_client_certificate_bound_access_tokens mutual-TLS client IESG Section certificate-bound access 3.3] tokens. JSON object containing alternative authorization server mtls_endpoint_aliases endpoints, which a IESG [RFC8705, client intending to do Section 5] mutual TLS will use in preference to the conventional endpoints. JSON array containing a list of the JWS signing [ETSI GS nfv_token_signing_alg_values_supported algorithms supported by [ETSI] NFV-SEC 022 the server for signing V2.7.1] the JWT used as NFV Token JSON array containing a list of the JWE encryption algorithms [ETSI GS nfv_token_encryption_alg_values_supported (alg values) supported [ETSI] NFV-SEC 022 by the server to encode V2.7.1] the JWT used as NFV Token JSON array containing a list of the JWE encryption algorithms [ETSI GS nfv_token_encryption_enc_values_supported (enc values) supported [ETSI] NFV-SEC 022 by the server to encode V2.7.1] the JWT used as NFV Token [OpenID URL of the OP's UserInfo Connect userinfo_endpoint Endpoint [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0, Section 3] JSON array containing a [OpenID list of the Connect acr_values_supported Authentication Context [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery Class References that 1.0, this OP supports Section 3] JSON array containing a [OpenID list of the Subject Connect subject_types_supported Identifier types that [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery this OP supports 1.0, Section 3] JSON array containing a [OpenID list of the JWS "alg" Connect id_token_signing_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for the ID Token 1.0, Section 3] JSON array containing a [OpenID list of the JWE "alg" Connect id_token_encryption_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for the ID Token 1.0, Section 3] JSON array containing a [OpenID list of the JWE "enc" Connect id_token_encryption_enc_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for the ID Token 1.0, Section 3] JSON array containing a [OpenID list of the JWS "alg" Connect userinfo_signing_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery UserInfo Endpoint 1.0, Section 3] JSON array containing a [OpenID list of the JWE "alg" Connect userinfo_encryption_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery UserInfo Endpoint 1.0, Section 3] JSON array containing a [OpenID list of the JWE "enc" Connect userinfo_encryption_enc_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery UserInfo Endpoint 1.0, Section 3] JSON array containing a [OpenID list of the JWS "alg" Connect request_object_signing_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for Request Objects 1.0, Section 3] JSON array containing a [OpenID list of the JWE "alg" Connect request_object_encryption_alg_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for Request Objects 1.0, Section 3] JSON array containing a [OpenID list of the JWE "enc" Connect request_object_encryption_enc_values_supported values supported by the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OP for Request Objects 1.0, Section 3] JSON array containing a [OpenID list of the "display" Connect display_values_supported parameter values that [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery the OpenID Provider 1.0, supports Section 3] JSON array containing a [OpenID list of the Claim Types Connect claim_types_supported that the OpenID Provider [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery supports 1.0, Section 3] JSON array containing a [OpenID list of the Claim Names Connect claims_supported of the Claims that the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery OpenID Provider MAY be 1.0, able to supply values Section 3] for Languages and scripts [OpenID supported for values in Connect claims_locales_supported Claims being returned, [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery represented as a JSON 1.0, array of BCP 47 language Section 3] tag values Boolean value specifying [OpenID whether the OP supports Connect claims_parameter_supported use of the "claims" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery parameter 1.0, Section 3] Boolean value specifying [OpenID whether the OP supports Connect request_parameter_supported use of the "request" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery parameter 1.0, Section 3] Boolean value specifying [OpenID whether the OP supports Connect request_uri_parameter_supported use of the "request_uri" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery parameter 1.0, Section 3] Boolean value specifying [OpenID whether the OP requires Connect require_request_uri_registration any "request_uri" values [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery used to be 1.0, pre-registered Section 3] People ID Name Contact URI Last Updated [ETSI] ETSI mailto:pnns&etsi.org 2019-07-22 [Kantara_UMA_WG] Kantara Initiative User-Managed Access mailto:staff&kantarainitiative.org 2018-04-23 Work Group [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding mailto:openid-specs-ab&lists.openid.net 2015-12-03 Working Group