Search RFCs
RFC 7521
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants,May 2015
- File formats:
- Status:
- PROPOSED STANDARD
- Authors:
- B. Campbell
C. Mortimore
M. Jones
Y. Goland - Stream:
- IETF
- Source:
- oauth (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7521
Discuss this RFC: Send questions or comments to the mailing listoauth@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7521
Abstract
This specification provides a framework for the use of assertionswith OAuth 2.0 in the form of a new client authentication mechanismand a new authorization grant type. Mechanisms are specified fortransporting assertions during interactions with a token endpoint;general processing rules are also specified.
The intent of this specification is to provide a common framework forOAuth 2.0 to interwork with other identity systems using assertionsand to provide alternative client authentication mechanisms.
Note that this specification only defines abstract message flows andprocessing rules. In order to be implementable, companionspecifications are necessary to provide the corresponding concreteinstantiations.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.