RFC 7521

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants, May 2015

Canonical URL:
https://www.rfc-editor.org/rfc/rfc7521.txt
File formats:
Plain TextPDF
Status:
PROPOSED STANDARD
Authors:
B. Campbell
C. Mortimore
M. Jones
Y. Goland
Stream:
IETF
Source:
oauth (sec)

Cite this RFC: TXT  |  XML

DOI:  http://dx.doi.org/10.17487/RFC7521

Discuss this RFC: Send questions or comments to oauth@ietf.org

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint; general processing rules are also specified. The intent of this specification is to provide a common framework for OAuth 2.0 to interwork with other identity systems using assertions and to provide alternative client authentication mechanisms. Note that this specification only defines abstract message flows and processing rules. In order to be implementable, companion specifications are necessary to provide the corresponding concrete instantiations.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×