OAuth Parameters Created 2012-07-27 Last Updated 2019-02-05 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * OAuth Access Token Types * OAuth Authorization Endpoint Response Types * OAuth Extensions Error Registry * OAuth Parameters * OAuth Token Type Hints * OAuth URI * OAuth Dynamic Client Registration Metadata * OAuth Token Endpoint Authentication Methods * PKCE Code Challenge Methods * OAuth Token Introspection Response * OAuth Authorization Server Metadata OAuth Access Token Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749][RFC8414] Available Formats [IMG] CSV Name Additional Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference Bearer Bearer IETF [RFC6750] OAuth Authorization Endpoint Response Types Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Name Change Controller Reference code IETF [RFC6749] code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] code token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] none [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html] token IETF [RFC6749] OAuth Extensions Error Registry Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Name Usage Protocol Change Controller Reference Location Extension resource bearer invalid_request access error access IETF [RFC6750] response token type resource bearer invalid_token access error access IETF [RFC6750] response token type resource bearer insufficient_scope access error access IETF [RFC6750] response token type revocation token unsupported_token_type endpoint revocation IETF [RFC7009] error endpoint response interaction_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect login_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect session_selection_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect consent_required authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect invalid_request_uri authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect invalid_request_object authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect request_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect request_uri_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect registration_not_supported authorization OpenID [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] endpoint Connect authorization need_info (and its server Kantara subsidiary parameters) response, UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6] token endpoint authorization server Kantara request_denied response, UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6] token endpoint authorization request_submitted (and its server Kantara subsidiary parameters) response, UMA [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.6] token endpoint OAuth Parameters Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6749] Available Formats [IMG] CSV Parameter Name Usage Change Controller Reference Location authorization client_id request, IETF [RFC6749] token request client_secret token request IETF [RFC6749] response_type authorization IETF [RFC6749] request authorization redirect_uri request, IETF [RFC6749] token request authorization request, authorization scope response, IETF [RFC6749] token request, token response authorization state request, IETF [RFC6749] authorization response authorization code response, IETF [RFC6749] token request authorization error response, IETF [RFC6749] token response authorization error_description response, IETF [RFC6749] token response authorization error_uri response, IETF [RFC6749] token response grant_type token request IETF [RFC6749] authorization access_token response, IETF [RFC6749] token response authorization token_type response, IETF [RFC6749] token response authorization expires_in response, IETF [RFC6749] token response username token request IETF [RFC6749] password token request IETF [RFC6749] token refresh_token request, IETF [RFC6749] token response nonce authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request display authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request prompt authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request max_age authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request ui_locales authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request claims_locales authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request id_token_hint authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request login_hint authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request acr_values authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request claims authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request registration authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request request authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request request_uri authorization [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] request authorization id_token response, [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-core-1_0.html] access token response authorization session_state response, [OpenID_Foundation_Artifact_Binding_Working_Group] [http://openid.net/specs/openid-connect-session-1_0.html] access token response assertion token request IESG [RFC7521] client_assertion token request IESG [RFC7521] client_assertion_type token request IESG [RFC7521] code_verifier token request IESG [RFC7636] code_challenge authorization IESG [RFC7636] request code_challenge_method authorization IESG [RFC7636] request client claim_token request, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] token endpoint client pct request, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] token endpoint authorization server pct response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5] token endpoint client rpt request, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] token endpoint client ticket request, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.1] token endpoint authorization server upgraded response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.3.5] token endpoint authorization vtr request, IESG [RFC8485] token request OAuth Token Type Hints Registration Procedure(s) Specification Required with mandatory two-week mailing list review Expert(s) Torsten Lodderstedt Reference [RFC7009] Available Formats [IMG] CSV Hint Value Change Controller Reference access_token IETF [RFC7009] refresh_token IETF [RFC7009] pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7] OAuth URI Registration Procedure(s) Specification Required Expert(s) Hannes Tschofenig Reference [RFC6755] Note Prefix: urn:ietf:params:oauth Available Formats [IMG] CSV URN Common Name Change Controller Reference urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth 2.0 IESG [RFC7523] urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client IESG [RFC7523] Authentication urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 IESG [RFC7522] urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth 2.0 Client IESG [RFC7522] Authentication urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519] OAuth Dynamic Client Registration Metadata Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591] Note See [RFC7591]for mailing list information. Available Formats [IMG] CSV Client Metadata Name Client Metadata Description Change Controller Reference redirect_uris Array of redirection URIs for use in IESG [RFC7591] redirect-based flows token_endpoint_auth_method Requested authentication method for IESG [RFC7591] the token endpoint grant_types Array of OAuth 2.0 grant types that IESG [RFC7591] the client may use response_types Array of the OAuth 2.0 response IESG [RFC7591] types that the client may use client_name Human-readable name of the client to IESG [RFC7591] be presented to the user client_uri URL of a web page providing IESG [RFC7591] information about the client logo_uri URL that references a logo for the IESG [RFC7591] client scope Space-separated list of OAuth 2.0 IESG [RFC7591] scope values Array of strings representing ways contacts to contact people responsible for IESG [RFC7591] this client, typically email addresses URL that points to a human-readable tos_uri terms of service document for the IESG [RFC7591] client policy_uri URL that points to a human-readable IESG [RFC7591] policy document for the client URL referencing the client's JSON jwks_uri Web Key Set [RFC7517] document IESG [RFC7591] representing the client's public keys Client's JSON Web Key Set [RFC7517] jwks document representing the client's IESG [RFC7591] public keys software_id Identifier for the software that IESG [RFC7591] comprises a client software_version Version identifier for the software IESG [RFC7591] that comprises a client client_id Client identifier IESG [RFC7591] client_secret Client secret IESG [RFC7591] client_id_issued_at Time at which the client identifier IESG [RFC7591] was issued client_secret_expires_at Time at which the client secret will IESG [RFC7591] expire OAuth 2.0 Bearer Token used to registration_access_token access the client configuration IESG [RFC7592] endpoint registration_client_uri Fully qualified URI of the client IESG [RFC7592] registration endpoint [OpenID Connect Dynamic application_type Kind of the application -- "native" [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 or "web" incorporating errata set 2] URL using the https scheme to be [OpenID Connect Dynamic sector_identifier_uri used in calculating Pseudonymous [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Identifiers by the OP incorporating errata set 2] subject_type requested for responses [OpenID Connect Dynamic subject_type to this Client -- "pairwise" or [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 "public" incorporating errata set 2] JWS alg algorithm REQUIRED for [OpenID Connect Dynamic id_token_signed_response_alg signing the ID Token issued to this [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Client incorporating errata set 2] JWE alg algorithm REQUIRED for [OpenID Connect Dynamic id_token_encrypted_response_alg encrypting the ID Token issued to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 this Client incorporating errata set 2] JWE enc algorithm REQUIRED for [OpenID Connect Dynamic id_token_encrypted_response_enc encrypting the ID Token issued to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 this Client incorporating errata set 2] [OpenID Connect Dynamic userinfo_signed_response_alg JWS alg algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 signing UserInfo Responses incorporating errata set 2] [OpenID Connect Dynamic userinfo_encrypted_response_alg JWE alg algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting UserInfo Responses incorporating errata set 2] [OpenID Connect Dynamic userinfo_encrypted_response_enc JWE enc algorithm REQUIRED for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting UserInfo Responses incorporating errata set 2] JWS alg algorithm that MUST be used [OpenID Connect Dynamic request_object_signing_alg for signing Request Objects sent to [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the OP incorporating errata set 2] JWE alg algorithm the RP is [OpenID Connect Dynamic request_object_encryption_alg declaring that it may use for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting Request Objects sent to incorporating errata set the OP 2] JWE enc algorithm the RP is [OpenID Connect Dynamic request_object_encryption_enc declaring that it may use for [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 encrypting Request Objects sent to incorporating errata set the OP 2] JWS alg algorithm that MUST be used for signing the JWT used to [OpenID Connect Dynamic token_endpoint_auth_signing_alg authenticate the Client at the Token [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Endpoint for the private_key_jwt and incorporating errata set client_secret_jwt authentication 2] methods [OpenID Connect Dynamic default_max_age Default Maximum Authentication Age [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 incorporating errata set 2] Boolean value specifying whether the [OpenID Connect Dynamic require_auth_time auth_time Claim in the ID Token is [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 REQUIRED incorporating errata set 2] [OpenID Connect Dynamic default_acr_values Default requested Authentication [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 Context Class Reference values incorporating errata set 2] URI using the https scheme that a [OpenID Connect Dynamic initiate_login_uri third party can use to initiate a [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 login by the RP incorporating errata set 2] Array of request_uri values that are [OpenID Connect Dynamic request_uris pre-registered by the RP for use at [OpenID_Foundation_Artifact_Binding_Working_Group] Client Registration 1.0 the OP incorporating errata set 2] claims_redirect_uris claims redirection endpoints [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 2] OAuth Token Endpoint Authentication Methods Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7591][RFC8414] Note See [RFC7591]for mailing list information. Available Formats [IMG] CSV Token Endpoint Authentication Method Name Change Controller Reference none IESG [RFC7591] client_secret_post IESG [RFC7591] client_secret_basic IESG [RFC7591] client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0] private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0] PKCE Code Challenge Methods Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC7636] Available Formats [IMG] CSV Code Challenge Method Parameter Name Change Controller Reference plain IESG [Section 4.2 of RFC7636] S256 IESG [Section 4.2 of RFC7636] OAuth Token Introspection Response Registration Procedure(s) Specification Required Expert(s) Justin Richer Reference [RFC7662] Available Formats [IMG] CSV Name Description Change Controller Reference active Token active status IESG [RFC7662, Section 2.2] username User identifier of the resource owner IESG [RFC7662, Section 2.2] client_id Client identifier of the client IESG [RFC7662, Section 2.2] scope Authorized scopes of the token IESG [RFC7662, Section 2.2] token_type Type of the token IESG [RFC7662, Section 2.2] exp Expiration timestamp of the token IESG [RFC7662, Section 2.2] iat Issuance timestamp of the token IESG [RFC7662, Section 2.2] nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2] sub Subject of the token IESG [RFC7662, Section 2.2] aud Audience of the token IESG [RFC7662, Section 2.2] iss Issuer of the token IESG [RFC7662, Section 2.2] jti Unique identifier of the token IESG [RFC7662, Section 2.2] permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0, Section 5.1.1] permission for a resource vot Vector of Trust value IESG [RFC8485] vtm Vector of Trust trustmark URL IESG [RFC8485] act Actor (TEMPORARY - registered 2019-02-05, expires 2020-02-05) IESG [draft-ietf-oauth-token-exchange] may_act May Act For (TEMPORARY - registered 2019-02-05, expires IESG [draft-ietf-oauth-token-exchange] 2020-02-05) OAuth Authorization Server Metadata Registration Procedure(s) Specification Required Expert(s) Michael Jones, Nat Sakimura, John Bradley Reference [RFC8414] Available Formats [IMG] CSV Metadata Name Metadata Description Change Controller Reference issuer Authorization server's issuer identifier URL IESG [RFC8414, Section 2] authorization_endpoint URL of the authorization server's authorization IESG [RFC8414, Section 2] endpoint token_endpoint URL of the authorization server's token endpoint IESG [RFC8414, Section 2] jwks_uri URL of the authorization server's JWK Set IESG [RFC8414, Section 2] document registration_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] Dynamic Client Registration Endpoint JSON array containing a list of the OAuth 2.0 scopes_supported "scope" values that this authorization server IESG [RFC8414, Section 2] supports JSON array containing a list of the OAuth 2.0 response_types_supported "response_type" values that this authorization IESG [RFC8414, Section 2] server supports JSON array containing a list of the OAuth 2.0 response_modes_supported "response_mode" values that this authorization IESG [RFC8414, Section 2] server supports JSON array containing a list of the OAuth 2.0 grant_types_supported grant type values that this authorization server IESG [RFC8414, Section 2] supports JSON array containing a list of client token_endpoint_auth_methods_supported authentication methods supported by this token IESG [RFC8414, Section 2] endpoint JSON array containing a list of the JWS signing token_endpoint_auth_signing_alg_values_supported algorithms supported by the token endpoint for IESG [RFC8414, Section 2] the signature on the JWT used to authenticate the client at the token endpoint URL of a page containing human-readable service_documentation information that developers might want or need IESG [RFC8414, Section 2] to know when using the authorization server Languages and scripts supported for the user ui_locales_supported interface, represented as a JSON array of IESG [RFC8414, Section 2] language tag values from [BCP47] URL that the authorization server provides to the person registering the client to read about op_policy_uri the authorization server's requirements on how IESG [RFC8414, Section 2] the client can use the data provided by the authorization server URL that the authorization server provides to op_tos_uri the person registering the client to read about IESG [RFC8414, Section 2] the authorization server's terms of service revocation_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] revocation endpoint JSON array containing a list of client revocation_endpoint_auth_methods_supported authentication methods supported by this IESG [RFC8414, Section 2] revocation endpoint JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint revocation_endpoint_auth_signing_alg_values_supported for the signature on the JWT used to IESG [RFC8414, Section 2] authenticate the client at the revocation endpoint introspection_endpoint URL of the authorization server's OAuth 2.0 IESG [RFC8414, Section 2] introspection endpoint JSON array containing a list of client introspection_endpoint_auth_methods_supported authentication methods supported by this IESG [RFC8414, Section 2] introspection endpoint JSON array containing a list of the JWS signing algorithms supported by the introspection introspection_endpoint_auth_signing_alg_values_supported endpoint for the signature on the JWT used to IESG [RFC8414, Section 2] authenticate the client at the introspection endpoint code_challenge_methods_supported PKCE code challenge methods supported by this IESG [RFC8414, Section 2] authorization server signed_metadata Signed JWT containing metadata values about the IESG [RFC8414, Section authorization server as claims 2.1] People ID Name Contact URI Last Updated [Kantara_UMA_WG] Kantara Initiative User-Managed Access mailto:staff&kantarainitiative.org 2018-04-23 Work Group [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding mailto:openid-specs-ab&lists.openid.net 2015-12-03 Working Group