OAuth 2.0 Assertion Profile

Document Type Expired Internet-Draft (individual)
Authors Michael Jones  , Yaron Goland  , Brian Campbell 
Last updated 2011-06-18
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This specification provides a general framework for the use of assertions as client credentials and/or authorization grants with OAuth 2.0. It includes a generic mechanism for transporting assertions during interactions with a token endpoint, as wells as rules for the content and processing of those assertions. The intent is to provide an enhanced security profile by using derived values such as signatures or HMACs, as well as facilitate the use of OAuth 2.0 in client-server integration scenarios where the end-user may not be present. This specification only defines abstract messsage flow and assertion content. Actual use requires implementation of a companion protocol binding specification. Additional profile documents provide standard representations in formats such as SAML and JWT.


Michael Jones (mbj@microsoft.com)
Yaron Goland (yarong@microsoft.com)
Brian Campbell (bcampbell@pingidentity.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)