OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens, February 2020
- File formats:
- Also available: XML file for editing
- PROPOSED STANDARD
- B. Campbell
- oauth (sec)
Cite this RFC: TXT | XML | BibTeX
Discuss this RFC: Send questions or comments to the mailing list firstname.lastname@example.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8705
This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.