OAuth logo Aaron Parecki and I have published a draft of the “OAuth 2.0 Protected Resource Metadata” specification that addresses all the issues that we’re aware of. In particular, the updates address the comments received during the discussions at IETF 118. As described in the History entry for -02, the changes were:

Switched from concatenating .well-known to the end of the resource identifier to inserting it between the host and path components of it.
Have WWW-Authenticate return resource_metadata rather than resource.

The specification is available at:

https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-02.html

You must be logged in to post a comment.

Musings on Digital Identity

OAuth 2.0 Protected Resource Metadata draft addressing all known issues

Leave a Reply

OAuth 2.0 Protected Resource Metadata draft addressing all known issues

Celebrating Ten Years of OpenID Connect at the OpenID Summit Tokyo 2024

Fully-Specified Algorithms adopted by JOSE working group

Leave a Reply