OAuth logoI’ve just published an OAuth JWT Bearer Token Profile. It defines a means of using a JSON Web Token (JWT) bearer token to request an OAuth 2.0 access token. This profile is intentionally strongly based upon the SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 by Brian Campbell and Chuck Mortimore; it borrows some text from the SAML profile with their permission. Thanks Brian and Chuck, for supporting the writing of this profile and for your reviews of preliminary drafts.

The profile draft is available at these locations:

https://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.html
https://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.txt
https://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.xml
https://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html (will point to new versions as they are posted)
https://self-issued.info/docs/draft-jones-oauth-jwt-bearer.txt (will point to new versions as they are posted)
https://self-issued.info/docs/draft-jones-oauth-jwt-bearer.xml (will point to new versions as they are posted)
http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, txt, and html versions available)

I will also submit this as a formal Internet draft after the IETF tool re-opens for submissions (on March 28th).