
JWT Response for OAuth Token Introspection
draft-ietf-oauth-jwt-introspection-response-12

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-oauth-jwt-introspection-response@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, rifaat.s.ietf@gmail.com
Subject: Protocol Action: 'JWT Response for OAuth Token Introspection' to Proposed Standard (draft-ietf-oauth-jwt-introspection-response-12.txt)

The IESG has approved the following document:
- 'JWT Response for OAuth Token Introspection'
  (draft-ietf-oauth-jwt-introspection-response-12.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/


Ballot Text

Technical Summary

   This draft proposes an additional JSON Web Token (JWT) based response
   for OAuth 2.0 Token Introspection.

Working Group Summary

The document received many reviews and feedback from multiple WG members on the 
mailing list and during the WG meetings.

During initial IESG review, it received a DISCUSS that required a change of sufficient scope that it was returned to the WG. The WG addressed the issue and the document again went through WGLC and IETF LC. The proposed change moves the data of the introspected token into a top-level JWT claim, so that the carrier JWT's own claims are kept separate from the actual token introspection response claims.
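As an added illustration of that separation (example code written here, not taken from the draft or from any of the listed implementations): the authorization server nests the RFC 7662 introspection members under one top-level claim, and the resource server validates the carrier JWT's signature, alg, typ header, iss, aud and iat before it reads anything inside. The claim name token_introspection and the typ value token-introspection+jwt are the ones the draft specifies; the HMAC key and the URLs are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); a real AS signs with an asymmetric key and
# publishes the public part, so the RS never holds a secret that can mint responses.
SECRET = b"demo-hmac-key-do-not-use"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def build_introspection_jwt(as_issuer, rs_audience, introspection, now=None):
    """AS side: the RFC 7662 members (active, scope, client_id, exp, ...) of the
    introspected token go under one top-level 'token_introspection' claim, so
    iss/aud/iat at the top level describe only the carrier JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "token-introspection+jwt"}
    payload = {"iss": as_issuer, "aud": rs_audience, "iat": now,
               "token_introspection": introspection}
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_introspection_jwt(token, expected_issuer, expected_audience, now=None):
    """RS side: validate the carrier (signature, pinned alg, typ, iss, aud, iat)
    before trusting anything inside; return the nested introspection result.
    Raises ValueError on any carrier-level failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h64, p64, s64 = parts
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256" or header.get("typ") != "token-introspection+jwt":
        raise ValueError("unexpected header")  # also rejects a plain access-token JWT
    payload = json.loads(_b64url_decode(p64))
    if payload.get("iss") != expected_issuer or payload.get("aud") != expected_audience:
        raise ValueError("carrier iss/aud mismatch")
    if not isinstance(payload.get("iat"), int) or payload["iat"] > now + 60:
        raise ValueError("carrier iat missing or in the future")
    result = payload.get("token_introspection")
    if not isinstance(result, dict) or "active" not in result:
        raise ValueError("token_introspection claim missing or malformed")
    return result
```

Because the introspected token's own iss, aud and exp live inside token_introspection, the resource server can apply carrier checks and token checks independently instead of guessing which of two colliding top-level values it is looking at.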

Document Quality:

The document has been implemented by the following:

* node.js OSS oidc-provider implements the document in full behind an optional feature toggle
https://github.com/panva/node-oidc-provider/blob/master/docs/README.md#featuresjwtintrospection

* connect2id has an implementation:
https://connect2id.com/products/server/docs/api/token-introspection

* ForgeRock:
https://github.com/ForgeRock/PSD2-Accelerators/tree/yes.com/openig/yes-openig-signed-introspect-filter

Personnel:

The document shepherd is Rifaat Shekh-Yusef. 
The responsible Area Director is Roman Danyliw.

RFC Editor Note