March 16, 2011
OAuth JWT Bearer Token Profile

I’ve just published an OAuth JWT Bearer Token Profile. It defines a means of using a JSON Web Token (JWT) bearer token to request an OAuth 2.0 access token. This profile is intentionally strongly based upon the SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 by Brian Campbell and Chuck Mortimore; it borrows some text from the SAML profile with their permission. Thanks Brian and Chuck, for supporting the writing of this profile and for your reviews of preliminary drafts.

The profile draft is available at these locations:

http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.html
http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.txt
http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.xml
http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html (will point to new versions as they are posted)
http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.txt (will point to new versions as they are posted)
http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.xml (will point to new versions as they are posted)
http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, txt, and html versions available)

I will also submit this as a formal Internet draft after the IETF tool re-opens for submissions (on March 28th).
