OAuth 2.0 Authorization Server Metadata
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: The IESG <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Hannes.Tschofenig@gmx.net, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'OAuth 2.0 Authorization Server Metadata' to Proposed Standard (draft-ietf-oauth-discovery-10.txt) The IESG has approved the following document: - 'OAuth 2.0 Authorization Server Metadata' (draft-ietf-oauth-discovery-10.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/
Technical Summary This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities. Working Group Summary Work on a discovery mechanism for OAuth was planned since a long time but it took till late 2015 before a document was submitted to the group, which re-used work done in the OpenID Foundation. When the WGLC was started in 2016, see https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html, feedback resulted in refocusing the scope of the specification, removing everything except for the authorization server metadata. Now, almost a year later these concerns have been resolved and the document is ready for publication. Document Quality The document scope has been changed to capture current deployment practice. There are 34 authorization server and 9 OAuth client implementations listed at http://openid.net/certification/ that implement metadata compatible with the AS metadata specification. (See the "Config OP" and "Config RP" columns.) Microsoft and Google are using this specification in deployment. Personnel Hannes Tschofenig is the document shepherd and the responsible area director is Eric Rescorla.