The OAuth Authorization Server Metadata specification has been updated to incorporate the working group last call feedback received. Thanks to William Denniss and Hannes Tschofenig for their reviews. Use of the “
https” scheme for the “
jwks_uri” URL is now required. The precedence of signed metadata values over unsigned values was clarified. Unused references were removed.
The specification is available at:
An HTML-formatted version is also available at:
Leave a Reply
You must be logged in to post a comment.