Internet Assigned Numbers Authority
OAuth Parameters
Created
2012-07-27
Last Updated
2025-08-04
Available Formats
[IMG]
XML [IMG]
HTML [IMG]
Plain text
Registries Included Below
??OAuth Access Token Types
??OAuth Authorization Endpoint Response Types
??OAuth Extensions Error Registry
??OAuth Parameters
??OAuth Token Type Hints
??OAuth URI
??OAuth Dynamic Client Registration Metadata
??OAuth Token Endpoint Authentication Methods
??PKCE Code Challenge Methods
??OAuth Token Introspection Response
??OAuth Authorization Server Metadata
??OAuth Protected Resource Metadata
OAuth Access Token Types
Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig, Mike Jones
Reference
[RFC6749][RFC8414]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC6749]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Name Additional Token Endpoint Response Parameters HTTP Authentication Scheme(s) Change Controller Reference
Bearer Bearer IETF [RFC6750]
N_A IESG [RFC8693, Section 2.2.1]
PoP cnf, rs_cnf (see section 3.1 of [RFC8747] and section 3.2 of N/A IETF [RFC9200]
[RFC9201]).
DPoP DPoP IETF [RFC9449]
OAuth Authorization Endpoint Response Types
Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig, Mike Jones
Reference
[RFC6749]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC6749]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Name Change Controller Reference
code IETF [RFC6749]
code id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
code id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
code token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
id_token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
id_token token [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
none [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type Encoding Practices]
token IETF [RFC6749]
OAuth Extensions Error Registry
Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig, Mike Jones
Reference
[RFC6749]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC6749]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Name Usage Location Protocol Extension Change Controller Reference
invalid_request resource access bearer access IETF [RFC6750]
error response token type
invalid_token resource access bearer access IETF [RFC6750]
error response token type
insufficient_scope resource access bearer access IETF [RFC6750]
error response token type
revocation token revocation
unsupported_token_type endpoint error endpoint IETF [RFC7009]
response
[OpenID Connect
interaction_required authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
login_required authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
account_selection_required authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
consent_required authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
invalid_request_uri authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
invalid_request_object authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
request_not_supported authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
request_uri_not_supported authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
[OpenID Connect
registration_not_supported authorization OpenID Connect [OpenID_Foundation_Artifact_Binding_Working_Group] Core 1.0
endpoint incorporating
errata set 1]
need_info (and its subsidiary authorization [UMA 2.0 Grant
parameters) server response, Kantara UMA [Kantara_UMA_WG] for OAuth 2.0,
token endpoint Section 3.3.6]
authorization [UMA 2.0 Grant
request_denied server response, Kantara UMA [Kantara_UMA_WG] for OAuth 2.0,
token endpoint Section 3.3.6]
request_submitted (and its subsidiary authorization [UMA 2.0 Grant
parameters) server response, Kantara UMA [Kantara_UMA_WG] for OAuth 2.0,
token endpoint Section 3.3.6]
authorization_pending Token endpoint [RFC8628] IETF [RFC8628, Section
response 3.5]
access_denied Token endpoint [RFC8628] IETF [RFC8628, Section
response 3.5]
slow_down Token endpoint [RFC8628] IETF [RFC8628, Section
response 3.5]
expired_token Token endpoint [RFC8628] IETF [RFC8628, Section
response 3.5]
implicit grant
invalid_target error response, resource parameter IESG [RFC8707]
token error
response
unsupported_pop_key token error [RFC9200] IETF [RFC9200, Section
response 5.8.3]
incompatible_ace_profiles token error [RFC9200] IETF [RFC9200, Section
response 5.8.3]
token endpoint, OAuth 2.0 Rich [RFC9396, Section
invalid_authorization_details authorization Authorization IETF 5]
endpoint Requests
token error Demonstrating
invalid_dpop_proof response, resource Proof of IETF [RFC9449]
access error Possession (DPoP)
response
token error Demonstrating
use_dpop_nonce response, resource Proof of IETF [RFC9449]
access error Possession (DPoP)
response
resource access OAuth 2.0 Step Up [RFC9470, Section
insufficient_user_authentication error response Authentication IETF 3]
Challenge Protocol
Authorization [Section 12.1.2
missing_trust_anchor Endpoint OpenID Federation [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
Federation 1.0]
Authorization [Section 12.1.2
validation_failed Endpoint OpenID Federation [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
Federation 1.0]
OAuth Parameters
Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig, Mike Jones
Reference
[RFC6749]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC6749]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Name Parameter Usage Location Change Controller Reference
client_id authorization request, token IETF [RFC6749]
request
client_secret token request IETF [RFC6749]
response_type authorization request IETF [RFC6749]
redirect_uri authorization request, token IETF [RFC6749]
request
authorization request,
scope authorization response, token IETF [RFC6749]
request, token response
state authorization request, IETF [RFC6749]
authorization response
code authorization response, token IETF [RFC6749]
request
error authorization response, token IETF [RFC6749]
response
error_description authorization response, token IETF [RFC6749]
response
error_uri authorization response, token IETF [RFC6749]
response
grant_type token request IETF [RFC6749]
access_token authorization response, token IETF [RFC6749]
response
token_type authorization response, token IETF [RFC6749]
response
expires_in authorization response, token IETF [RFC6749]
response
username token request IETF [RFC6749]
password token request IETF [RFC6749]
refresh_token token request, token response IETF [RFC6749]
nonce authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
display authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
prompt authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
max_age authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
ui_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
claims_locales authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
id_token_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
login_hint authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
acr_values authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
claims authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
registration authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
request authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
request_uri authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
incorporating errata set 1]
id_token authorization response, access [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0
token response incorporating errata set 1]
session_state authorization response, access [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Session Management
token response 1.0, Section 2]
assertion token request IESG [RFC7521]
client_assertion token request IESG [RFC7521]
client_assertion_type token request IESG [RFC7521]
code_verifier token request IESG [RFC7636]
code_challenge authorization request IESG [RFC7636]
code_challenge_method authorization request IESG [RFC7636]
claim_token client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
Section 3.3.1]
pct client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
Section 3.3.1]
pct authorization server response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
token endpoint Section 3.3.5]
rpt client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
Section 3.3.1]
ticket client request, token endpoint [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
Section 3.3.1]
upgraded authorization server response, [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0,
token endpoint Section 3.3.5]
vtr authorization request, token IESG [RFC8485]
request
device_code token request IESG [RFC8628, Section 3.1]
resource authorization request, token IESG [RFC8707]
request
audience token request IESG [RFC8693, Section 2.1]
requested_token_type token request IESG [RFC8693, Section 2.1]
subject_token token request IESG [RFC8693, Section 2.1]
subject_token_type token request IESG [RFC8693, Section 2.1]
actor_token token request IESG [RFC8693, Section 2.1]
actor_token_type token request IESG [RFC8693, Section 2.1]
issued_token_type token response IESG [RFC8693, Section 2.2.1]
response_mode Authorization Request [OpenID_Foundation_Artifact_Binding_Working_Group] [OAuth 2.0 Multiple Response Type
Encoding Practices]
nfv_token Access Token Response [ETSI] [ETSI GS NFV-SEC 022 V2.7.1]
iss authorization request, IETF [RFC9207, Section
authorization response 2][RFC9101][RFC7519, Section 4.1.1]
sub authorization request IETF [RFC7519, Section 4.1.2][RFC9101]
aud authorization request IETF [RFC7519, Section 4.1.3][RFC9101]
exp authorization request IETF [RFC7519, Section 4.1.4][RFC9101]
nbf authorization request IETF [RFC7519, Section 4.1.5][RFC9101]
iat authorization request IETF [RFC7519, Section 4.1.6][RFC9101]
jti authorization request IETF [RFC7519, Section 4.1.7][RFC9101]
ace_profile token response IETF [RFC9200, Sections 5.8.2, 5.8.4.3]
nonce1 client-rs request IETF [RFC9203]
nonce2 rs-client response IETF [RFC9203]
ace_client_recipientid client-rs request IETF [RFC9203]
ace_server_recipientid rs-client response IETF [RFC9203]
req_cnf token request IETF [RFC9201, Section 5]
rs_cnf token response IETF [RFC9201, Section 5]
cnf token response IETF [RFC9201, Section 5]
authorization_details authorization request, token IETF [RFC9396]
request, token response
dpop_jkt authorization request IETF [RFC9449, Section 10]
sign_info client-rs request, rs-client IETF [RFC9594]
response
kdcchallenge rs-client response IETF [RFC9594]
trust_chain authorization request [OpenID_Foundation_Artifact_Binding_Working_Group] [Section 12.1.1.1.2 of OpenID
Federation 1.0]
OAuth Token Type Hints
Registration Procedure(s)
Specification Required
Expert(s)
Torsten Lodderstedt, Mike Jones
Reference
[RFC7009]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC7009]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Hint Value Change Controller Reference
access_token IETF [RFC7009]
refresh_token IETF [RFC7009]
pct [Kantara_UMA_WG] [UMA 2.0 Grant for OAuth 2.0, Section 3.7]
OAuth URI
Registration Procedure(s)
Specification Required
Expert(s)
Hannes Tschofenig, Mike Jones
Reference
[RFC6755]
Note
Prefix: urn:ietf:params:oauth
Available Formats
[IMG]
CSV
URN Common Name Change Controller Reference
urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token Grant Type Profile for OAuth IESG [RFC7523]
2.0
urn:ietf:params:oauth:client-assertion-type:jwt-bearer JWT Bearer Token Profile for OAuth 2.0 Client IESG [RFC7523]
Authentication
urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion Grant Type Profile IESG [RFC7522]
for OAuth 2.0
urn:ietf:params:oauth:client-assertion-type:saml2-bearer SAML 2.0 Bearer Assertion Profile for OAuth IESG [RFC7522]
2.0 Client Authentication
urn:ietf:params:oauth:token-type:jwt JSON Web Token (JWT) Token Type IESG [RFC7519]
urn:ietf:params:oauth:grant-type:device_code Device flow grant type for OAuth 2.0 IESG [RFC8628, Section 3.1]
urn:ietf:params:oauth:grant-type:token-exchange Token exchange grant type for OAuth 2.0 IESG [RFC8693, Section 2.1]
urn:ietf:params:oauth:token-type:access_token Token type URI for an OAuth 2.0 access token IESG [RFC8693, Section 3]
urn:ietf:params:oauth:token-type:refresh_token Token type URI for an OAuth 2.0 refresh token IESG [RFC8693, Section 3]
urn:ietf:params:oauth:token-type:id_token Token type URI for an ID Token IESG [RFC8693, Section 3]
urn:ietf:params:oauth:token-type:saml1 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3]
1.1 assertion
urn:ietf:params:oauth:token-type:saml2 Token type URI for a base64url-encoded SAML IESG [RFC8693, Section 3]
2.0 assertion
urn:ietf:params:oauth:request_uri A URN Sub-Namespace for OAuth Request URIs. IESG [RFC9126, Section 2.2]
urn:ietf:params:oauth:jwk-thumbprint JWK Thumbprint URI IESG [RFC9278]
urn:ietf:params:oauth:ckt COSE Key Thumbprint URI IETF [RFC9679]
OAuth Dynamic Client Registration Metadata
Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC7591]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Client Metadata Name Client Metadata Change Controller Reference
Description
Array of redirection URIs
redirect_uris for use in redirect-based IESG [RFC7591]
flows
Requested authentication
token_endpoint_auth_method method for the token IESG [RFC7591]
endpoint
Array of OAuth 2.0 grant
grant_types types that the client may IESG [RFC7591]
use
Array of the OAuth 2.0
response_types response types that the IESG [RFC7591]
client may use
Human-readable name of
client_name the client to be IESG [RFC7591]
presented to the user
URL of a web page
client_uri providing information IESG [RFC7591]
about the client
logo_uri URL that references a IESG [RFC7591]
logo for the client
scope Space-separated list of IESG [RFC7591]
OAuth 2.0 scope values
Array of strings
representing ways to
contacts contact people IESG [RFC7591]
responsible for this
client, typically email
addresses
URL that points to a
tos_uri human-readable terms of IESG [RFC7591]
service document for the
client
URL that points to a
policy_uri human-readable policy IESG [RFC7591]
document for the client
URL referencing the
client's JSON Web Key Set
jwks_uri [RFC7517] document IESG [RFC7591]
representing the client's
public keys
Client's JSON Web Key Set
jwks [RFC7517] document IESG [RFC7591]
representing the client's
public keys
Identifier for the
software_id software that comprises a IESG [RFC7591]
client
Version identifier for
software_version the software that IESG [RFC7591]
comprises a client
client_id Client identifier IESG [RFC7591]
client_secret Client secret IESG [RFC7591]
client_id_issued_at Time at which the client IESG [RFC7591]
identifier was issued
client_secret_expires_at Time at which the client IESG [RFC7591]
secret will expire
OAuth 2.0 Bearer Token
registration_access_token used to access the client IESG [RFC7592]
configuration endpoint
Fully qualified URI of
registration_client_uri the client registration IESG [RFC7592]
endpoint
[OpenID
Connect
Dynamic
application_type Kind of the application [OpenID_Foundation_Artifact_Binding_Working_Group] Client
-- "native" or "web" Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
URL using the https Dynamic
sector_identifier_uri scheme to be used in [OpenID_Foundation_Artifact_Binding_Working_Group] Client
calculating Pseudonymous Registration
Identifiers by the OP 1.0
incorporating
errata set 2]
[OpenID
Connect
subject_type requested Dynamic
subject_type for responses to this [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Client -- "pairwise" or Registration
"public" 1.0
incorporating
errata set 2]
[OpenID
Connect
JWS alg algorithm Dynamic
id_token_signed_response_alg REQUIRED for signing the [OpenID_Foundation_Artifact_Binding_Working_Group] Client
ID Token issued to this Registration
Client 1.0
incorporating
errata set 2]
[OpenID
Connect
JWE alg algorithm Dynamic
id_token_encrypted_response_alg REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
the ID Token issued to Registration
this Client 1.0
incorporating
errata set 2]
[OpenID
Connect
JWE enc algorithm Dynamic
id_token_encrypted_response_enc REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
the ID Token issued to Registration
this Client 1.0
incorporating
errata set 2]
[OpenID
Connect
JWS alg algorithm Dynamic
userinfo_signed_response_alg REQUIRED for signing [OpenID_Foundation_Artifact_Binding_Working_Group] Client
UserInfo Responses Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
JWE alg algorithm Dynamic
userinfo_encrypted_response_alg REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
UserInfo Responses Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
JWE enc algorithm Dynamic
userinfo_encrypted_response_enc REQUIRED for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
UserInfo Responses Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
JWS alg algorithm that Dynamic
request_object_signing_alg MUST be used for signing [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Request Objects sent to Registration
the OP 1.0
incorporating
errata set 2]
[OpenID
JWE alg algorithm the RP Connect
is declaring that it may Dynamic
request_object_encryption_alg use for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Request Objects sent to Registration
the OP 1.0
incorporating
errata set 2]
[OpenID
JWE enc algorithm the RP Connect
is declaring that it may Dynamic
request_object_encryption_enc use for encrypting [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Request Objects sent to Registration
the OP 1.0
incorporating
errata set 2]
JWS alg algorithm that [OpenID
MUST be used for signing Connect
the JWT used to Dynamic
token_endpoint_auth_signing_alg authenticate the Client [OpenID_Foundation_Artifact_Binding_Working_Group] Client
at the Token Endpoint for Registration
the private_key_jwt and 1.0
client_secret_jwt incorporating
authentication methods errata set 2]
[OpenID
Connect
Dynamic
default_max_age Default Maximum [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Authentication Age Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
Boolean value specifying Dynamic
require_auth_time whether the auth_time [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Claim in the ID Token is Registration
REQUIRED 1.0
incorporating
errata set 2]
[OpenID
Connect
Default requested Dynamic
default_acr_values Authentication Context [OpenID_Foundation_Artifact_Binding_Working_Group] Client
Class Reference values Registration
1.0
incorporating
errata set 2]
[OpenID
Connect
URI using the https Dynamic
initiate_login_uri scheme that a third party [OpenID_Foundation_Artifact_Binding_Working_Group] Client
can use to initiate a Registration
login by the RP 1.0
incorporating
errata set 2]
[OpenID
Connect
Array of request_uri Dynamic
request_uris values that are [OpenID_Foundation_Artifact_Binding_Working_Group] Client
pre-registered by the RP Registration
for use at the OP 1.0
incorporating
errata set 2]
[UMA 2.0
claims_redirect_uris claims redirection [Kantara_UMA_WG] Grant for
endpoints OAuth 2.0,
Section 2]
JWS alg algorithm [ETSI GS
nfv_token_signed_response_alg required for signing the [ETSI] NFV-SEC 022
nfv Token issued to this V2.7.1]
Client
JWE alg algorithm [ETSI GS
nfv_token_encrypted_response_alg required for encrypting [ETSI] NFV-SEC 022
the nfv Token issued to V2.7.1]
this Client
JWE enc algorithm [ETSI GS
nfv_token_encrypted_response_enc required for encrypting [ETSI] NFV-SEC 022
the nfv Token issued to V2.7.1]
this Client
Indicates the client's
intention to use [RFC8705,
tls_client_certificate_bound_access_tokens mutual-TLS client [IESG] Section 3.4]
certificate-bound access
tokens.
String value specifying [RFC8705,
tls_client_auth_subject_dn the expected subject DN [IESG] Section
of the client 2.1.2]
certificate.
String value specifying [RFC8705,
tls_client_auth_san_dns the expected dNSName SAN [IESG] Section
entry in the client 2.1.2]
certificate.
String value specifying
the expected [RFC8705,
tls_client_auth_san_uri uniformResourceIdentifier [IESG] Section
SAN entry in the client 2.1.2]
certificate.
String value specifying [RFC8705,
tls_client_auth_san_ip the expected iPAddress [IESG] Section
SAN entry in the client 2.1.2]
certificate.
String value specifying [RFC8705,
tls_client_auth_san_email the expected rfc822Name [IESG] Section
SAN entry in the client 2.1.2]
certificate.
Indicates where
authorization request
needs to be protected as [RFC9101,
require_signed_request_object Request Object and [IETF] Section 10.5]
provided through either
request or request_uri
parameter.
Indicates whether the
require_pushed_authorization_requests client is required to use [IESG] [RFC9126,
PAR to initiate Section 6]
authorization requests.
String value indicating
introspection_signed_response_alg the client¡¯s desired [IETF] [RFC9701,
introspection response Section 6]
signing algorithm
String value specifying
the desired introspection [RFC9701,
introspection_encrypted_response_alg response content key [IETF] Section 6]
encryption algorithm (alg
value)
String value specifying
the desired introspection [RFC9701,
introspection_encrypted_response_enc response content [IETF] Section 6]
encryption algorithm (enc
value)
RP URL that will cause [OpenID
the RP to log itself out Connect
frontchannel_logout_uri when rendered in an [OpenID_Foundation_Artifact_Binding_Working_Group] Front-Channel
iframe by the OP Logout 1.0,
Section 2]
Boolean value specifying
whether the RP requires
that a sid (session ID) [OpenID
query parameter be Connect
frontchannel_logout_session_required included to identify the [OpenID_Foundation_Artifact_Binding_Working_Group] Front-Channel
RP session with the OP Logout 1.0,
when the Section 2]
frontchannel_logout_uri
is used
RP URL that will cause [OpenID
the RP to log itself out Connect
backchannel_logout_uri when sent a Logout Token [OpenID_Foundation_Artifact_Binding_Working_Group] Back-Channel
by the OP Logout 1.0,
Section 2.2]
Boolean value specifying
whether the RP requires
that a sid (session ID) [OpenID
Claim be included in the Connect
backchannel_logout_session_required Logout Token to identify [OpenID_Foundation_Artifact_Binding_Working_Group] Back-Channel
the RP session with the Logout 1.0,
OP when the Section 2.2]
backchannel_logout_uri is
used
Array of URLs supplied by
the RP to which it MAY [OpenID
request that the Connect
post_logout_redirect_uris End-User's User Agent be [OpenID_Foundation_Artifact_Binding_Working_Group] RP-Initiated
redirected using the Logout 1.0,
post_logout_redirect_uri Section 3.1]
parameter after a logout
has been performed
Indicates what [RFC9396,
authorization_details_types authorization details [IETF] Section 10]
types the client uses.
Boolean value specifying
dpop_bound_access_tokens whether the client always [IETF] [RFC9449,
uses DPoP for token Section 5.2]
requests
An array of strings [Section
specifying the client 5.1.2 of
client_registration_types registration types the RP [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID
wants to use Federation
1.0]
URL referencing a signed [Section
JWT having the client's 5.2.1 of
signed_jwks_uri JWK Set document as its [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID
payload Federation
1.0]
Human-readable name [Section
representing the 5.2.2 of
organization_name organization owning this [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID
client Federation
1.0]
[Section
URL of a Web page for the 5.2.2 of
homepage_uri organization owning this [OpenID_Foundation_Artifact_Binding_Working_Group] OpenID
client Federation
1.0]
[Section
URL of a Web page for the 5.2.2.1.1 of
use_mtls_endpoint_aliases organization owning this [OpenID_Foundation_FAPI_Working_Group] FAPI 2.0
client Security
Profile]
Non-empty array of
strings, where each [Section 5.1
string is a JWE [RFC7516] of OpenID for
encrypted_response_enc_values_supported enc algorithm that can be [OpenID_Foundation_Digital_Credentials_Protocols_Working_Group] Verifiable
used as the content Presentations
encryption algorithm for 1.0]
encrypting the Response
An object containing a [Section 11.1
list of name/value pairs, of OpenID for
vp_formats_supported where the name is a [OpenID_Foundation_Digital_Credentials_Protocols_Working_Group] Verifiable
string identifying a Presentations
Credential format 1.0]
supported by the Verifier
OAuth Token Endpoint Authentication Methods
Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7591][RFC8414]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC7591]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Token Endpoint Authentication Method Name Change Controller Reference
none IESG [RFC7591]
client_secret_post IESG [RFC7591]
client_secret_basic IESG [RFC7591]
client_secret_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set
1]
private_key_jwt [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0 incorporating errata set
1]
tls_client_auth IESG [RFC8705, Section 2.1.1]
self_signed_tls_client_auth IESG [RFC8705, Section 2.2.1]
PKCE Code Challenge Methods
Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Mike Jones
Reference
[RFC7636]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC7636]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Code Challenge Method Parameter Name Change Controller Reference
plain IESG [Section 4.2 of RFC7636]
S256 IESG [Section 4.2 of RFC7636]
OAuth Token Introspection Response
Registration Procedure(s)
Specification Required
Expert(s)
Justin Richer
Reference
[RFC7662]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC7662]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Name Description Change Controller Reference
active Token active status IESG [RFC7662, Section 2.2]
username User identifier of the resource owner IESG [RFC7662, Section 2.2]
client_id Client identifier of the client IESG [RFC7662, Section 2.2]
scope Authorized scopes of the token IESG [RFC7662, Section 2.2]
token_type Type of the token IESG [RFC7662, Section 2.2]
exp Expiration timestamp of the token IESG [RFC7662, Section 2.2]
iat Issuance timestamp of the token IESG [RFC7662, Section 2.2]
nbf Timestamp which the token is not valid before IESG [RFC7662, Section 2.2]
sub Subject of the token IESG [RFC7662, Section 2.2]
aud Audience of the token IESG [RFC7662, Section 2.2]
iss Issuer of the token IESG [RFC7662, Section 2.2]
jti Unique identifier of the token IESG [RFC7662, Section 2.2]
permissions array of objects, each describing a scoped, time-limitable [Kantara_UMA_WG] [Federated Authorization for UMA 2.0,
permission for a resource Section 5.1.1]
vot Vector of Trust value IESG [RFC8485]
vtm Vector of Trust trustmark URL IESG [RFC8485]
act Actor IESG [RFC8693, Section 4.1]
may_act Authorized Actor - the party that is authorized to become the IESG [RFC8693, Section 4.4]
actor
cnf Confirmation IESG [RFC7800][RFC8705]
ace_profile The ACE profile used between the client and RS. IETF [RFC9200, Section 5.9.2]
"client-nonce". A nonce previously provided to the AS by the RS
cnonce via the client. Used to verify token freshness when the RS cannot IETF [RFC9200, Section 5.9.2]
synchronize its clock with the AS.
cti "CWT ID". The identifier of a CWT as defined in [RFC8392]. IETF [RFC9200, Section 5.9.2]
"Expires in". Lifetime of the token in seconds from the time the
exi RS first sees it. Used to implement a weaker form of token IETF [RFC9200, Section 5.9.2]
expiration for devices that cannot synchronize their internal
clocks.
The member authorization_details contains a JSON array of JSON
authorization_details objects representing the rights of the access token. Each JSON IETF [RFC9396, Section 9.2]
object contains the data to specify the authorization requirements
for a certain type of resource.
acr Authentication Context Class Reference IETF [RFC9470, Section 6.2]
auth_time Time when the user authentication occurred IETF [RFC9470, Section 6.2]
OAuth Authorization Server Metadata
Registration Procedure(s)
Specification Required
Expert(s)
Mike Jones, Nat Sakimura, John Bradley, Dick Hardt
Reference
[RFC8414]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC8414]. If approved, designated experts should notify
IANA within two weeks. For assistance, please contact iana@iana.org.
IANA does not monitor the list.
Available Formats
[IMG]
CSV
Metadata Name Metadata Change Controller Reference
Description
Authorization [RFC8414,
issuer server's issuer IESG Section 2]
identifier URL
URL of the
authorization [RFC8414,
authorization_endpoint server's IESG Section 2]
authorization
endpoint
URL of the
token_endpoint authorization IESG [RFC8414,
server's token Section 2]
endpoint
URL of the
jwks_uri authorization IESG [RFC8414,
server's JWK Set Section 2]
document
URL of the
authorization
server's OAuth [RFC8414,
registration_endpoint 2.0 Dynamic IESG Section 2]
Client
Registration
Endpoint
JSON array
containing a list
of the OAuth 2.0 [RFC8414,
scopes_supported "scope" values IESG Section 2]
that this
authorization
server supports
JSON array
containing a list
of the OAuth 2.0 [RFC8414,
response_types_supported "response_type" IESG Section 2]
values that this
authorization
server supports
JSON array
containing a list
of the OAuth 2.0 [RFC8414,
response_modes_supported "response_mode" IESG Section 2]
values that this
authorization
server supports
JSON array
containing a list
of the OAuth 2.0 [RFC8414,
grant_types_supported grant type values IESG Section 2]
that this
authorization
server supports
JSON array
containing a list
of client [RFC8414,
token_endpoint_auth_methods_supported authentication IESG Section 2]
methods supported
by this token
endpoint
JSON array
containing a list
of the JWS
signing
algorithms
token_endpoint_auth_signing_alg_values_supported supported by the IESG [RFC8414,
token endpoint Section 2]
for the signature
on the JWT used
to authenticate
the client at the
token endpoint
URL of a page
containing
human-readable
information that [RFC8414,
service_documentation developers might IESG Section 2]
want or need to
know when using
the authorization
server
Languages and
scripts supported
for the user
interface, [RFC8414,
ui_locales_supported represented as a IESG Section 2]
JSON array of
language tag
values from BCP
47 [RFC5646]
URL that the
authorization
server provides
to the person
registering the
client to read
about the [RFC8414,
op_policy_uri authorization IESG Section 2]
server's
requirements on
how the client
can use the data
provided by the
authorization
server
URL that the
authorization
server provides
to the person
op_tos_uri registering the IESG [RFC8414,
client to read Section 2]
about the
authorization
server's terms of
service
URL of the
authorization [RFC8414,
revocation_endpoint server's OAuth IESG Section 2]
2.0 revocation
endpoint
JSON array
containing a list
of client
revocation_endpoint_auth_methods_supported authentication IESG [RFC8414,
methods supported Section 2]
by this
revocation
endpoint
JSON array
containing a list
of the JWS
signing
algorithms
supported by the
revocation_endpoint_auth_signing_alg_values_supported revocation IESG [RFC8414,
endpoint for the Section 2]
signature on the
JWT used to
authenticate the
client at the
revocation
endpoint
URL of the
authorization [RFC8414,
introspection_endpoint server's OAuth IESG Section 2]
2.0 introspection
endpoint
JSON array
containing a list
of client
introspection_endpoint_auth_methods_supported authentication IESG [RFC8414,
methods supported Section 2]
by this
introspection
endpoint
JSON array
containing a list
of the JWS
signing
algorithms
supported by the
introspection_endpoint_auth_signing_alg_values_supported introspection IESG [RFC8414,
endpoint for the Section 2]
signature on the
JWT used to
authenticate the
client at the
introspection
endpoint
PKCE code
challenge methods [RFC8414,
code_challenge_methods_supported supported by this IESG Section 2]
authorization
server
Signed JWT
containing
signed_metadata metadata values IESG [RFC8414,
about the Section 2.1]
authorization
server as claims
URL of the
authorization [RFC8628,
device_authorization_endpoint server's device IESG Section 4]
authorization
endpoint
Indicates
authorization
server support [RFC8705,
tls_client_certificate_bound_access_tokens for mutual-TLS IESG Section 3.3]
client
certificate-bound
access tokens.
JSON object
containing
alternative
authorization
server endpoints,
mtls_endpoint_aliases which a client IESG [RFC8705,
intending to do Section 5]
mutual TLS will
use in preference
to the
conventional
endpoints.
JSON array
containing a list
of the JWS
signing [ETSI GS NFV-SEC
nfv_token_signing_alg_values_supported algorithms [ETSI] 022 V2.7.1]
supported by the
server for
signing the JWT
used as NFV Token
JSON array
containing a list
of the JWE
encryption [ETSI GS NFV-SEC
nfv_token_encryption_alg_values_supported algorithms (alg [ETSI] 022 V2.7.1]
values) supported
by the server to
encode the JWT
used as NFV Token
JSON array
containing a list
of the JWE
encryption [ETSI GS NFV-SEC
nfv_token_encryption_enc_values_supported algorithms (enc [ETSI] 022 V2.7.1]
values) supported
by the server to
encode the JWT
used as NFV Token
URL of the OP's [OpenID Connect
userinfo_endpoint UserInfo Endpoint [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
Section 3]
JSON array
containing a list
of the [OpenID Connect
acr_values_supported Authentication [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
Context Class Section 3]
References that
this OP supports
JSON array
containing a list [OpenID Connect
subject_types_supported of the Subject [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
Identifier types Section 3]
that this OP
supports
JSON array
containing a list [OpenID Connect
id_token_signing_alg_values_supported of the JWS "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for the
ID Token
JSON array
containing a list [OpenID Connect
id_token_encryption_alg_values_supported of the JWE "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for the
ID Token
JSON array
containing a list [OpenID Connect
id_token_encryption_enc_values_supported of the JWE "enc" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for the
ID Token
JSON array
containing a list [OpenID Connect
userinfo_signing_alg_values_supported of the JWS "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the UserInfo
Endpoint
JSON array
containing a list [OpenID Connect
userinfo_encryption_alg_values_supported of the JWE "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the UserInfo
Endpoint
JSON array
containing a list [OpenID Connect
userinfo_encryption_enc_values_supported of the JWE "enc" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the UserInfo
Endpoint
JSON array
containing a list [OpenID Connect
request_object_signing_alg_values_supported of the JWS "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for
Request Objects
JSON array
containing a list [OpenID Connect
request_object_encryption_alg_values_supported of the JWE "alg" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for
Request Objects
JSON array
containing a list [OpenID Connect
request_object_encryption_enc_values_supported of the JWE "enc" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
values supported Section 3]
by the OP for
Request Objects
JSON array
containing a list [OpenID Connect
display_values_supported of the "display" [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
parameter values Section 3]
that the OpenID
Provider supports
JSON array
containing a list [OpenID Connect
claim_types_supported of the Claim [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
Types that the Section 3]
OpenID Provider
supports
JSON array
containing a list
of the Claim [OpenID Connect
claims_supported Names of the [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
Claims that the Section 3]
OpenID Provider
MAY be able to
supply values for
Languages and
scripts supported
for values in
Claims being [OpenID Connect
claims_locales_supported returned, [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
represented as a Section 3]
JSON array of BCP
47 [RFC5646]
language tag
values
Boolean value
specifying [OpenID Connect
claims_parameter_supported whether the OP [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
supports use of Section 3]
the "claims"
parameter
Boolean value
specifying [OpenID Connect
request_parameter_supported whether the OP [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
supports use of Section 3]
the "request"
parameter
Boolean value
specifying [OpenID Connect
request_uri_parameter_supported whether the OP [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
supports use of Section 3]
the "request_uri"
parameter
Boolean value
specifying
whether the OP [OpenID Connect
require_request_uri_registration requires any [OpenID_Foundation_Artifact_Binding_Working_Group] Discovery 1.0,
"request_uri" Section 3]
values used to be
pre-registered
Indicates where
authorization
request needs to
be protected as
require_signed_request_object Request Object IETF [RFC9101,
and provided Section 10.5]
through either
request or
request_uri
parameter.
URL of the
authorization [RFC9126,
pushed_authorization_request_endpoint server's pushed IESG Section 5]
authorization
request endpoint
Indicates whether
the authorization
require_pushed_authorization_requests server accepts IESG [RFC9126,
authorization Section 5]
requests only via
PAR.
JSON array
containing a list
of algorithms
introspection_signing_alg_values_supported supported by the IETF [RFC9701,
authorization Section 7]
server for
introspection
response signing
JSON array
containing a list
of algorithms
supported by the
introspection_encryption_alg_values_supported authorization IETF [RFC9701,
server for Section 7]
introspection
response content
key encryption
(alg value)
JSON array
containing a list
of algorithms
supported by the
introspection_encryption_enc_values_supported authorization IETF [RFC9701,
server for Section 7]
introspection
response content
encryption (enc
value)
Boolean value
indicating
whether the
authorization [RFC9207,
authorization_response_iss_parameter_supported server provides IETF Section 3]
the iss parameter
in the
authorization
response.
URL of an OP
iframe that
supports
cross-origin [OpenID Connect
check_session_iframe communications [OpenID_Foundation_Artifact_Binding_Working_Group] Session
for session state Management 1.0,
information with Section 3.3]
the RP Client,
using the HTML5
postMessage API
Boolean value
specifying
whether the OP [OpenID Connect
frontchannel_logout_supported supports [OpenID_Foundation_Artifact_Binding_Working_Group] Front-Channel
HTTP-based Logout 1.0,
logout, with true Section 3]
indicating
support
Boolean value
specifying
whether the OP [OpenID Connect
backchannel_logout_supported supports [OpenID_Foundation_Artifact_Binding_Working_Group] Back-Channel
back-channel Logout 1.0,
logout, with true Section 2]
indicating
support
Boolean value
specifying
whether the OP
can pass a sid [OpenID Connect
backchannel_logout_session_supported (session ID) [OpenID_Foundation_Artifact_Binding_Working_Group] Back-Channel
Claim in the Logout 1.0,
Logout Token to Section 2]
identify the RP
session with the
OP
URL at the OP to
which an RP can
perform a [OpenID Connect
end_session_endpoint redirect to [OpenID_Foundation_Artifact_Binding_Working_Group] RP-Initiated
request that the Logout 1.0,
End-User be Section 2.1]
logged out at the
OP
[OpenID Connect
Supported CIBA Client-Initiated
backchannel_token_delivery_modes_supported authentication [OpenID_Foundation_MODRNA_Working_Group] Backchannel
result delivery Authentication
modes Flow - Core 1.0,
Section 4]
[OpenID Connect
CIBA Backchannel Client-Initiated
backchannel_authentication_endpoint Authentication [OpenID_Foundation_MODRNA_Working_Group] Backchannel
Endpoint Authentication
Flow - Core 1.0,
Section 4]
JSON array
containing a list
of the JWS [OpenID Connect
signing Client-Initiated
backchannel_authentication_request_signing_alg_values_supported algorithms [OpenID_Foundation_MODRNA_Working_Group] Backchannel
supported for Authentication
validation of Flow - Core 1.0,
signed CIBA Section 4]
authentication
requests
Indicates whether [OpenID Connect
the OP supports Client-Initiated
backchannel_user_code_parameter_supported the use of the [OpenID_Foundation_MODRNA_Working_Group] Backchannel
CIBA user_code Authentication
parameter. Flow - Core 1.0,
Section 4]
JSON array
containing the [RFC9396,
authorization_details_types_supported authorization IETF Section 10]
details types the
AS supports
JSON array
containing a list
dpop_signing_alg_values_supported of the JWS IETF [RFC9449,
algorithms Section 5.1]
supported for
DPoP proof JWTs
Client [Section 5.1.3
client_registration_types_supported Registration [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
Types Supported Federation 1.0]
Federation [Section 5.1.3
federation_registration_endpoint Registration [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
Endpoint Federation 1.0]
Authentication [Section 5.1.3
request_authentication_methods_supported request [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
authentication Federation 1.0]
methods supported
JSON array
containing the
JWS signing
algorithms [Section 5.1.3
request_authentication_signing_alg_values_supported supported for the [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
signature on the Federation 1.0]
JWT used to
authenticate the
request
URL referencing a
signed JWT having
this [Section 5.2.1
signed_jwks_uri authorization [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
server's JWK Set Federation 1.0]
document as its
payload
JSON Web Key Set [Section 5.2.1
jwks document, passed [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
by value Federation 1.0]
Human-readable
name representing [Section 5.2.2
organization_name the organization [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
owning this Federation 1.0]
authorization
server
Array of strings
representing ways
to contact people [Section 5.2.2
contacts responsible for [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
this Federation 1.0]
authorization
server, typically
email addresses
URL that
references a logo
for the [Section 5.2.2
logo_uri organization [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
owning this Federation 1.0]
authorization
server
URL of a Web page
for the [Section 5.2.2
homepage_uri organization [OpenID_Foundation_Artifact_Binding_Working_Group] of OpenID
owning this Federation 1.0]
authorization
server
JSON array
containing a list
protected_resources of resource IETF [RFC9728,
identifiers for Section 4]
OAuth protected
resources
OAuth Protected Resource Metadata
Registration Procedure(s)
Specification Required
Expert(s)
Michael Jones, Dick Hardt
Reference
[RFC9728]
Note
Registration requests should be sent to [oauth-ext-review@ietf.org], as
described in [RFC9728]. If approved,
designated experts should notify IANA within two weeks. For
assistance, please contact iana@iana.org. IANA does not monitor the
list.
Available Formats
[IMG]
CSV
Metadata Name Metadata Description Change Controller Reference
resource Protected resource's resource identifier URL IETF [RFC9728, Section 2]
authorization_servers JSON array containing a list of OAuth authorization server IETF [RFC9728, Section 2]
issuer identifiers
jwks_uri URL of the protected resource's JWK Set document IETF [RFC9728, Section 2]
JSON array containing a list of the OAuth 2.0 scope values
scopes_supported that are used in authorization requests to request access to IETF [RFC9728, Section 2]
this protected resource
bearer_methods_supported JSON array containing a list of the OAuth 2.0 bearer token IETF [RFC9728, Section 2]
presentation methods that this protected resource supports
JSON array containing a list of the JWS signing algorithms
resource_signing_alg_values_supported (alg values) supported by the protected resource for signed IETF [RFC9728, Section 2]
content
resource_name Human-readable name of the protected resource IETF [RFC9728, Section 2]
URL of a page containing human-readable information that
resource_documentation developers might want or need to know when using the IETF [RFC9728, Section 2]
protected resource
URL of a page containing human-readable information about
resource_policy_uri the protected resource's requirements on how the client can IETF [RFC9728, Section 2]
use the data provided by the protected resource
resource_tos_uri URL of a page containing human-readable information about IETF [RFC9728, Section 2]
the protected resource's terms of service
tls_client_certificate_bound_access_tokens Boolean value indicating protected resource support for IETF [RFC9728, Section 2]
mutual-TLS client certificate-bound access tokens
JSON array containing a list of the authorization details
authorization_details_types_supported type values supported by the resource server when the IETF [RFC9728, Section 2]
authorization_details request parameter is used
dpop_signing_alg_values_supported JSON array containing a list of the JWS alg values supported IETF [RFC9728, Section 2]
by the resource server for validating DPoP proof JWTs
dpop_bound_access_tokens_required Boolean value specifying whether the protected resource IETF [RFC9728, Section 2]
always requires the use of DPoP-bound access tokens
signed_metadata Signed JWT containing metadata parameters about the IETF [RFC9728, Section 2.2]
protected resource as claims
Contact Information
ID Name Contact URI Last
Updated
[ETSI] ETSI mailto:pnns&etsi.org 2019-07-22
Internet
[IESG] Engineering mailto:iesg&ietf.org
Steering
Group
Internet
[IETF] Engineering mailto:ietf&ietf.org
Task Force
Kantara
Initiative
[Kantara_UMA_WG] User-Managed mailto:staff&kantarainitiative.org 2018-04-23
Access Work
Group
OpenID
Foundation
[OpenID_Foundation_Artifact_Binding_Working_Group] Artifact mailto:openid-specs-ab&lists.openid.net 2022-09-23
Binding
Working
Group
OpenID
Foundation
Digital
[OpenID_Foundation_Digital_Credentials_Protocols_Working_Group] Credentials mailto:openid-specs-digital-credentials-protocols&lists.openid.net 2025-08-04
Protocols
Working
Group
OpenID
[OpenID_Foundation_FAPI_Working_Group] Foundation mailto:openid-specs-fapi&lists.openid.net 2025-04-28
FAPI Working
Group
OpenID
Foundation
[OpenID_Foundation_MODRNA_Working_Group] MODRNA mailto:openid-specs-mobile-profile&lists.openid.net 2022-12-01
Working
Group
Licensing Terms
Presently we were in a very dark road, and at a point where it dropped suddenly between steep sides we halted in black shadow. A gleam of pale sand, a whisper of deep flowing waters, and a farther glimmer of more sands beyond them challenged our advance. We had come to a "grapevine ferry." The scow was on the other side, the water too shoal for the horses to swim, and the bottom, most likely, quicksand. Out of the blackness of the opposite shore came a soft, high-pitched, quavering, long-drawn, smothered moan of woe, the call of that snivelling little sinner the screech-owl. Ferry murmured to me to answer it and I sent the same faint horror-stricken tremolo back. Again it came to us, from not farther than one might toss his cap, and I followed Ferry down to the water's edge. The grapevine guy swayed at our side, we heard the scow slide from the sands, and in a few moments, moved by two videttes, it touched our shore. Soon we were across, the two videttes riding with us, and beyond a sharp rise, in an old opening made by the swoop of a hurricane, we entered the silent unlighted bivouac of Ferry's scouts. Ferry got down and sat on the earth talking with Quinn, while the sergeants quietly roused the sleepers to horse. Plotinus is driven by this perplexity to reconsider the whole theory of Matter.477 He takes Aristotle¡¯s doctrine as the groundwork of his investigation. According to this, all existence is divided into Matter and Form. What we know of things¡ªin other words, the sum of their differential characteristics¡ªis their Form. Take away this, and the unknowable residuum is their Matter. Again, Matter is the vague indeterminate something out of which particular Forms are developed. The two are related as Possibility to Actuality, as the more generic to the more specific substance through every grade of classification and composition. Thus there are two Matters, the one sensible and the other intelligible. The former constitutes the common substratum of bodies, the other the common element of ideas.478 The general distinction between Matter and Form was originally suggested to Aristotle by Plato¡¯s remarks on the same subject; but he differs325 from his master in two important particulars. Plato, in his Timaeus, seems to identify Matter with space.479 So far, it is a much more positive conception than the ?λη of the Metaphysics. On the other hand, he constantly opposes it to reality as something non-existent; and he at least implies that it is opposed to absolute good as a principle of absolute evil.480 Thus while the Aristotelian world is formed by the development of Power into Actuality, the Platonic world is composed by the union of Being and not-Being, of the Same and the Different, of the One and the Many, of the Limit and the Unlimited, of Good and Evil, in varying proportions with each other. The Lawton woman had heard of an officer's family at Grant, which was in need of a cook, and had gone there. [See larger version] On the 8th of July an extraordinary Privy Council was summoned. All the members, of whatever party, were desired to attend, and many were the speculations as to the object of their meeting. The general notion was that it involved the continuing or the ending of the war. It turned out to be for the announcement of the king's intended marriage. The lady selected was Charlotte, the second sister of the Duke of Mecklenburg-Strelitz. Apart from the narrowness of her education, the young princess had a considerable amount of amiability, good sense, and domestic taste. These she shared with her intended husband, and whilst they made the royal couple always retiring, at the same time they caused them to give, during their lives, a moral air to their court. On the 8th of September Charlotte arrived at St. James's, and that afternoon the marriage took place, the ceremony being performed by the Archbishop of Canterbury. On the 22nd the coronation took place with the greatest splendour. Mother and girls were inconsolable, for each had something that they were sure "Si would like," and would "do him good," but they knew Josiah Klegg, Sr., well enough to understand what was the condition when he had once made up his mind. CHAPTER V. THE YOUNG RECRUITS Si proceeded to deftly construct a litter out of the two guns, with some sticks that he cut with a knife, and bound with pawpaw strips. His voice had sunk very low, almost to sweetness. A soft flurry of pink went over her face, and her eyelids drooped. Then suddenly she braced herself, pulled herself taut, grew combative again, though her voice shook. HoME²Ô¾®Ïè̫ʲôÐÇ×ù
ENTER NUMBET 0016gxkgwx.com.cn
www.jzsbmall.com.cn
www.lwchain.com.cn
mbchain.com.cn
www.jmqdky.com.cn
goob.net.cn
mkmk.net.cn
www.viviyp.org.cn
www.prlous.com.cn
www.nianz.com.cn