OAuth logoI updated the OAuth JWT Bearer Token Profile spec to track the changes made in the OAuth SAML Bearer Token Profile spec. Changes were:


  • Merged in changes from draft-ietf-oauth-saml2-bearer-09. In particular, this draft now uses draft-ietf-oauth-assertions, rather than being standalone. It also now defines how to use JWT bearer tokens both for Authorization Grants and for Client Authentication.

Meanwhile, Chuck Mortimore updated the OAuth Assertion Profile spec to incorporate working group feedback. In particular, the client_id parameter is now optional, as in some cases it may be carried in the assertion, rather than as a parameter.

The specs are available in the standard places. The HTML versions can be found at these locations:

Feedback welcome!