RFC 8705

OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens, February 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Authors:
B. Campbell
J. Bradley
N. Sakimura
T. Lodderstedt
Stream:
IETF
Source:
oauth (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8705

Discuss this RFC: Send questions or comments to oauth@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader