{"id":1591,"date":"2016-08-03T13:55:11","date_gmt":"2016-08-03T20:55:11","guid":{"rendered":"https:\/\/self-issued.info\/?p=1591"},"modified":"2016-08-03T13:55:11","modified_gmt":"2016-08-03T20:55:11","slug":"oauth-metadata-specifications-enhanced","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=1591","title":{"rendered":"OAuth Metadata Specifications Enhanced"},"content":{"rendered":"

\"OAuth<\/span>The existing OAuth 2.0 Authorization Server Metadata<\/a> specification has now been joined by a related OAuth 2.0 Protected Resource Metadata<\/a> specification. This means that JSON metadata formats are now defined for all the OAuth 2.0 parties: clients, authorization servers, and protected resources.<\/p>\n

The most significant addition to the OAuth 2.0 Authorization Server Metadata specification is enabling signed metadata, represented as claims in a JSON Web Token (JWT). This is analogous to the role that the Software Statement plays in OAuth Dynamic Client Registration. Signed metadata can also be used for protected resource metadata.<\/p>\n

For use cases in which the set of protected resources used with an authorization server are enumerable, the authorization server metadata specification now defines the “protected_resources<\/code>” metadata value to list them. Likewise, the protected resource metadata specification defines an “authorization_servers<\/code>” metadata value to list the authorization servers that can be used with a protected resource, for use cases in which those are enumerable.<\/p>\n

The specifications are available at:<\/p>\n