Month: November 2017

OAuth Token Exchange spec adding URIs for SAML assertions

On November 30, 2017

OAuth logo A new draft of the OAuth 2.0 Token Exchange specification has been published that adds token type URIs for SAML 1.1 and SAML 2.0 assertions. They were added in response to actual developer use cases. These parallel the existing token type URI for JWT tokens.

The specification is available at:

https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-10

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-token-exchange-10.html

OAuth Authorization Server Metadata spec incorporating IETF last call feedback

By Mike Jones

On November 15, 2017

In Claims, IETF, JSON, OAuth, Specifications

OAuth logo The OAuth Authorization Server Metadata specification has been updated to incorporate feedback received during IETF last call. Thanks to Shwetha Bhandari, Brian Carpenter, Donald Eastlake, Dick Hardt, and Mark Nottingham for their reviews. See the Document History appendix for clarifications applied. No normative changes were made.

The specification is available at:

https://tools.ietf.org/html/draft-ietf-oauth-discovery-08

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-discovery-08.html