Skip to main content

The OAuth 2.0 Authorization Framework: Claims

Document Type Expired Internet-Draft (individual)
Author Travis Spencer
Last updated 2020-05-26 (Latest revision 2019-11-23)
Stream (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document extends the OAuth 2.0 framework to include a simple query language that can be used by clients to request certain claims from an authorization server. This mechanism can be used during the authorization request and refresh request. It also defines a response parameter of the token and introspection endpoints that indicates to the caller which claims were authorized by the resource owner. Lastly, it stipulates how this request parameter can be used during token exchange, and how clients may request that certain claims be placed in an access token intended for a particular resource server.


Travis Spencer

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)