OAuth 2.0 Authorization Server Metadata is currently an Internet Draft.

OAuth 2.0 Authorization Server Metadata generalizes the discovery mechanisms defined by OpenID Connect Discovery 1.0 in a way that is compatible with OpenID Connect Discovery, while being applicable to a wider set of OAuth 2.0 use cases. This is intentionally parallel to the way that the "OAuth 2.0 Dynamic Client Registration Protocol" (RFC 7591) specification generalized the dynamic client registration mechanisms defined by "OpenID Connect Dynamic Client Registration 1.0" [OpenID.Registration] in a way that was compatible with it.

In order for an OAuth client to utilize OAuth 2.0 services for a Resource Owner, the OAuth client needs to know where the OAuth 2.0 Authorization Server is. This specification uses WebFinger (RFC 7033) to locate the Authorization Server for a Resource Owner. This process is described in Section 2.

Once the Authorization Server has been identified, the configuration information for that Authorization Server is retrieved from a well-known location as a JSON (RFC 7159) document, including its OAuth 2.0 endpoint locations and Authorization Server capabilities. This process is described in Section 4.
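
The retrieval step above is where a client decides whether to trust the document it received. The following is an added example, not code from the specification or from this page, showing the checks a client can apply before using the endpoints. The well-known suffix and the field names are taken from RFC 8414 and are not given on this page; the host `as.example` and the sample documents are constructed.

```python
import json
from urllib.parse import urlsplit

# Path suffix and field names below come from RFC 8414;
# they are not stated on this page.
WELL_KNOWN = "/.well-known/oauth-authorization-server"
URL_FIELDS = ("authorization_endpoint", "token_endpoint",
              "jwks_uri", "registration_endpoint")


def metadata_url(issuer):
    """Insert the well-known suffix between the issuer's host and path."""
    u = urlsplit(issuer)
    if u.scheme != "https" or not u.netloc or u.query or u.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    return "https://" + u.netloc + WELL_KNOWN + u.path.rstrip("/")


def check_metadata(expected_issuer, body):
    """Return a list of reasons to reject the document (empty list = accept)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    # Exact string match: a document served for one issuer must not be
    # accepted as describing another.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    for name in URL_FIELDS:
        value = doc.get(name)
        if value is None:
            continue
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(name + " is not an https URL")
    return problems


# Constructed sample documents (hypothetical host as.example).
ISSUER = "https://as.example/tenant1"
GOOD = json.dumps({"issuer": ISSUER,
                   "authorization_endpoint": "https://as.example/tenant1/authorize",
                   "token_endpoint": "https://as.example/tenant1/token"})
BAD = json.dumps({"issuer": "https://as.example/tenant2",
                  "token_endpoint": "http://as.example/tenant2/token"})

if __name__ == "__main__":
    print(metadata_url(ISSUER))
    print(check_metadata(ISSUER, GOOD))
    print(check_metadata(ISSUER, BAD))
```
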

This page (revision-6) was last changed on 19-Jul-2017 10:20 by jim