Overview#OAuth 2.0 Authorization Server Metadata is defined in RFC 8414 and defines defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 Authorization Server, including its OAuth 2.0 Endpoint locations and Authorization Server capabilities.
OAuth 2.0 Authorization Server Metadata generalizes the discovery mechanisms defined by OpenID Connect Discovery 1.0 in a way that is compatible with Openid-configuration, while being applicable to a wider set of OAuth 2.0 use cases. This is intentionally parallel to the way that the "OAuth 2.0 Dynamic Client Registration Protocol" (RFC 7591) specification generalized the dynamic client registration mechanisms defined by "OpenID Connect Dynamic Client Registration 1.0" OpenID.Registration in a way that was compatible with it.
This metadata can either be communicated in a self-asserted fashion by the server origin via HTTPS or as a set of signed metadata values represented as claims in a JSON Web Token (JWT). In the JWT case, the issuer is vouching for the validity of the data about the Authorization Server. This is analogous to the role that the Software Statement plays in OAuth Dynamic Client Registration Metadata RFC 7591.
The means by which the OAuth Client chooses an Authorization Server is out of scope in OAuth 2.0 Authorization Server Metadata. In some cases, its issuer identifier may be manually configured into the client. In other cases, it may be dynamically discovered, for instance, through the use of WebFinger RFC 7033, as described in Section 2 of "OpenID Connect Discovery 1.0" OpenID.Discovery.
OAuth 2.0 Authorization Server Metadata (RFC 8414) creates a IANA Registry which is part of the OAuth Parameters Registry and is located at: