Skip to main content

The OAuth 2.0 Authorization Framework: Claims
draft-spencer-oauth-claims-01

Document Type Expired Internet-Draft (individual)
Author Travis Spencer
Last updated 2020-05-26 (Latest revision 2019-11-23)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document extends the OAuth 2.0 framework to include a simple query language that can be used by clients to request certain claims from an authorization server. This mechanism can be used during the authorization request and refresh request. It also defines a response parameter of the token and introspection endpoints that indicates to the caller which claims were authorized by the resource owner. Lastly, it stipulates how this request parameter can be used during token exchange, and how clients may request that certain claims be placed in an access token intended for a particular resource server.

Authors

Travis Spencer

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)