OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens, February 2020
- File formats:
- PROPOSED STANDARD
- B. Campbell
- oauth (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.