OAuth Authorization Server Metadata spec incorporating WGLC feedback

On March 10, 2017

OAuth logo The OAuth Authorization Server Metadata specification has been updated to incorporate the working group last call feedback received. Thanks to William Denniss and Hannes Tschofenig for their reviews. Use of the “https” scheme for the “jwks_uri” URL is now required. The precedence of signed metadata values over unsigned values was clarified. Unused references were removed.

The specification is available at:

https://tools.ietf.org/html/draft-ietf-oauth-discovery-06

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-discovery-06.html

You must be logged in to post a comment.

Musings on Digital Identity

OAuth Authorization Server Metadata spec incorporating WGLC feedback

Leave a Reply

OAuth Authorization Server Metadata spec incorporating WGLC feedback

Cleaner version of Using RSA Algorithms with COSE Messages specification

Pre-Chicago OAuth Device Flow specification refinements

Leave a Reply