Overview
OAuth 2.0 Authorization Server Issuer Identification is defined in RFC 9207, which specifies a new parameter "iss" that is used to explicitly include the issuer identifier of the Authorization Server in the Authorization Response of an OAuth authorization flow.
The "iss" parameter serves as an effective countermeasure to "mix-up attacks".
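The client-side check that makes "iss" effective against mix-up, shown as an added example (not code from RFC 9207 or from any library): the client compares the returned "iss" with the issuer it recorded when it sent the authorization request. The `session` structure, function names, hosts and sample values are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

class IssuerMismatch(Exception):
    """The authorization response is not from the AS the request went to."""

def check_authorization_response(redirect_url, session):
    """Return the authorization code only if state and iss both check out.

    `session` (hypothetical structure) is what the client stored before
    redirecting the user: 'state', 'issuer', and 'iss_supported', the AS
    metadata value authorization_response_iss_parameter_supported.
    """
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    for name in ("state", "iss", "code"):
        if len(params.get(name, [])) > 1:  # ambiguous input: refuse
            raise ValueError(f"duplicate parameter: {name}")

    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state does not match this session")

    iss = params.get("iss", [None])[0]
    if iss is None:
        # An AS that advertises the parameter must always send it.
        if session["iss_supported"]:
            raise IssuerMismatch("iss missing")
    elif iss != session["issuer"]:
        # Exact string comparison, no URL normalisation.
        raise IssuerMismatch(f"expected {session['issuer']!r}, got {iss!r}")

    if "code" not in params:
        raise ValueError("no authorization code in response")
    return params["code"][0]

# Constructed sample data (example hosts, made-up state and code).
SESSION = {"state": "af0ifjsldkj", "issuer": "https://as-a.example",
           "iss_supported": True}
GOOD = ("https://client.example/cb?code=x1848ZT64p4IirMPT0R"
        "&state=af0ifjsldkj&iss=https%3A%2F%2Fas-a.example")
MIXED_UP = GOOD.replace("as-a.example", "as-b.example")

def is_accepted(url, session=SESSION):
    try:
        check_authorization_response(url, session)
        return True
    except (IssuerMismatch, ValueError):
        return False
```

The check must run before the code is sent to any token endpoint, since a mixed-up client would otherwise deliver the code to the wrong Authorization Server.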