This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
OAuth 2.0 Authorization Server Metadata
OAuth 2.0 Authorization Server Metadata

Version management

Difference between version and

At line 1 added 21 lines
!!! Overview
[{$pagename}] is defined in [RFC 8414] and defines defines a [metadata] format that an [OAuth 2.0] [client|OAuth Client] can use to obtain the information needed to interact with an [OAuth 2.0] [Authorization Server], including its [OAuth 2.0 Endpoint] locations and [Authorization Server] capabilities.
[{$pagename}] generalizes the [discovery mechanisms|Discovery Mechanism] defined by [OpenID Connect Discovery] 1.0 in a way that is compatible with [Openid-configuration], while being applicable to a wider set of [OAuth 2.0] use cases. This is intentionally parallel to the way that the "[OAuth 2.0 Dynamic Client Registration Protocol]" ([RFC 7591]) specification generalized the dynamic client registration mechanisms defined by "[OpenID Connect Dynamic Client Registration 1.0|OpenID Connect Dynamic Client Registration]" [OpenID.Registration] in a way that was compatible with it.
The [metadata] for an [Authorization Server] is retrieved from a [well-known] location as a [JSON] [RFC 7159] document, which declares its endpoint locations and [Authorization Server] capabilities.
This [metadata] can either be communicated in a self-asserted fashion by the server origin via [HTTPS] or as a set of signed metadata values represented as claims in a [JSON Web Token] ([JWT]). In the [JWT] case, the issuer is vouching for the validity of the data about the [Authorization Server]. This is analogous to the role that the Software Statement plays in [OAuth Dynamic Client Registration Metadata] [RFC 7591].
The means by which the [OAuth Client] chooses an [Authorization Server] is out of scope in [{$pagename}]. In some cases, its issuer identifier may be manually configured into the client. In other cases, it may be dynamically discovered, for instance, through the use of [WebFinger] [RFC 7033], as described in Section 2 of "OpenID Connect Discovery 1.0" [OpenID.Discovery].
[{$pagename}] ([RFC 8414]) creates a [IANA Registry] which is part of the [OAuth Parameters Registry] and is located at: \\
[https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata|https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop