| rfc9207v2.txt | rfc9207.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) K. Meyer zu Selhausen | Internet Engineering Task Force (IETF) K. Meyer zu Selhausen | |||
| Request for Comments: 9207 Hackmanit | Request for Comments: 9207 Hackmanit | |||
| Category: Standards Track D. Fett | Category: Standards Track D. Fett | |||
| ISSN: 2070-1721 yes.com | ISSN: 2070-1721 yes.com | |||
| February 2022 | March 2022 | |||
| OAuth 2.0 Authorization Server Issuer Identification | OAuth 2.0 Authorization Server Issuer Identification | |||
| Abstract | Abstract | |||
| This document specifies a new parameter called iss. This parameter | This document specifies a new parameter called iss. This parameter | |||
| is used to explicitly include the issuer identifier of the | is used to explicitly include the issuer identifier of the | |||
| authorization server in the authorization response of an OAuth | authorization server in the authorization response of an OAuth | |||
| authorization flow. The iss parameter serves as an effective | authorization flow. The iss parameter serves as an effective | |||
| countermeasure to "mix-up attacks". | countermeasure to "mix-up attacks". | |||
| skipping to change at line 325 ¶ | skipping to change at line 325 ¶ | |||
| multiple authorization servers. However, clients interacting with | multiple authorization servers. However, clients interacting with | |||
| only one authorization server might add support for a second | only one authorization server might add support for a second | |||
| authorization server in the future. By supporting multiple | authorization server in the future. By supporting multiple | |||
| authorization servers, they become vulnerable to mix-up attacks and | authorization servers, they become vulnerable to mix-up attacks and | |||
| need to apply countermeasures. | need to apply countermeasures. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| 5.1. OAuth Authorization Server Metadata | 5.1. OAuth Authorization Server Metadata | |||
| IANA has registered the following values in the "OAuth Authorization | IANA has registered the following value in the "OAuth Authorization | |||
| Server Metadata" registry of [IANA.OAuth.Parameters] established by | Server Metadata" registry of [IANA.OAuth.Parameters] established by | |||
| [RFC8414]. | [RFC8414]. | |||
| Metadata Name: authorization_response_iss_parameter_supported | Metadata Name: authorization_response_iss_parameter_supported | |||
| Metadata Description: Boolean value indicating whether the | Metadata Description: Boolean value indicating whether the | |||
| authorization server provides the iss parameter in the | authorization server provides the iss parameter in the | |||
| authorization response. | authorization response. | |||
| Change Controller: IETF | Change Controller: IETF | |||
| Specification Document(s): Section 3 of RFC 9207 | Specification Document(s): Section 3 of RFC 9207 | |||
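Review bot: the singular "value" in rfc9207.txt is the right reading of this block; the registration that follows lists exactly one metadata name, authorization_response_iss_parameter_supported, so "following values" in rfc9207v2.txt was a grammatical mismatch with the single entry, not a sign of a missing second registration. No other change in the block, so the entry's name, description, change controller and spec reference are unaffected.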
| End of changes. 2 change blocks. | ||||
| 2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
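The client-side check that the iss parameter and the authorization_response_iss_parameter_supported flag exist to enable, written out as an added example; it is not part of RFC 9207, of this diff, or of any OAuth library. The client records, per authorization request, which authorization server (issuer identifier) the request went to and whether that server advertises iss support; when the response arrives at the redirect URI it compares iss with that recorded issuer by simple string comparison (RFC 9207 Section 2.4), rejects a missing iss from a server known to send it, and only then looks at code or error. The issuer URLs, state values, authorization codes and the PENDING table are constructed for the demonstration.

```python
"""
Client-side validation of the OAuth 2.0 `iss` authorization-response parameter
(RFC 9207). Added example, not taken from the RFC text or any OAuth library.
All issuers, state values, codes and the PENDING table below are constructed.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse


class AuthorizationResponseError(Exception):
    """Raised when an authorization response must not be processed further."""


@dataclass(frozen=True)
class PendingRequest:
    """What the client stored when it sent the authorization request."""
    issuer: str           # issuer identifier of the AS the request was sent to
    iss_supported: bool   # that AS's authorization_response_iss_parameter_supported


def issuer_supports_iss(metadata: dict) -> bool:
    """Read the RFC 9207 flag from an RFC 8414 metadata document.
    Absent or non-boolean values count as 'not supported' (the default is false)."""
    return metadata.get("authorization_response_iss_parameter_supported") is True


def _single(params: dict, name: str):
    """Return the one value of a query parameter; duplicates are rejected."""
    values = params.get(name, [])
    if len(values) > 1:
        raise AuthorizationResponseError(f"parameter {name!r} occurs more than once")
    return values[0] if values else None


def validate_authorization_response(redirect_url: str, pending: dict) -> str:
    """Validate a response delivered to the redirect URI; return the code.

    `pending` maps the client's own `state` values to PendingRequest records,
    so the expected issuer is the one the matching request was sent to.
    """
    params = parse_qs(urlparse(redirect_url).query, keep_blank_values=True)
    state = _single(params, "state")
    if state is None or state not in pending:
        raise AuthorizationResponseError("unknown or missing state")
    expected = pending[state]

    iss = _single(params, "iss")
    if iss is None:
        if expected.iss_supported:
            # The AS we talked to always sends iss; a response without it did
            # not come from that AS (or was tampered with in transit).
            raise AuthorizationResponseError("iss missing from response of an AS that supports it")
    elif iss != expected.issuer:
        # Mix-up: the response carries another AS's issuer identifier than the
        # one this state value was issued for. Simple string comparison only.
        raise AuthorizationResponseError(f"iss mismatch: got {iss!r}, expected {expected.issuer!r}")

    # RFC 9207 requires iss on error responses too, so the checks above run
    # before the error branch is even looked at.
    error = _single(params, "error")
    if error is not None:
        raise AuthorizationResponseError(f"authorization server returned error {error!r}")
    code = _single(params, "code")
    if code is None:
        raise AuthorizationResponseError("response carries neither code nor error")
    return code


# Constructed demo data: the client is registered with an AS that supports
# iss, a legacy AS that does not, and receives a redirect from an attacker AS.
HONEST_AS = "https://as.example.com"
LEGACY_AS = "https://legacy-as.example.org"
ATTACKER_AS = "https://attacker.example"
PENDING = {
    "st-honest": PendingRequest(issuer=HONEST_AS, iss_supported=True),
    "st-legacy": PendingRequest(issuer=LEGACY_AS, iss_supported=False),
}


def _cb(**query) -> str:
    """Build a redirect-URI request for the demo (percent-encodes the values)."""
    return "https://client.example/cb?" + urlencode(query)


def demo() -> dict:
    """Run the interesting cases and return the outcome of each one."""
    cases = {
        "genuine": _cb(code="SplxlOBeZQQYbYS6WxSbIA", state="st-honest", iss=HONEST_AS),
        # Mix-up: attacker AS redirects with the honest session's state value.
        "mixup": _cb(code="ATTACKERCODE", state="st-honest", iss=ATTACKER_AS),
        # iss stripped from a response of an AS known to send it.
        "stripped": _cb(code="x", state="st-honest"),
        # Legacy AS without iss support: accepted by this check alone.
        "legacy": _cb(code="y", state="st-legacy"),
        # Error responses must carry a matching iss as well.
        "error": _cb(error="access_denied", state="st-honest", iss=HONEST_AS),
    }
    outcome = {}
    for name, url in cases.items():
        try:
            outcome[name] = "code:" + validate_authorization_response(url, PENDING)
        except AuthorizationResponseError as exc:
            outcome[name] = "rejected:" + str(exc)
    return outcome


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} {result}")
```

The "legacy" case is the point the excerpt above makes: a client that also talks to an AS without iss support is still exposed to mix-up for that server and needs another countermeasure there (RFC 9207 names per-AS redirect URIs and, for OpenID Connect, the ID Token iss claim); the iss check only protects the flows where the server is known to send it.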