|
13 | 13 | be taken to indicate. |
14 | 14 | --> |
15 | 15 | <rfc category="std" docName="openid-connect-rp-metadata-choices-1_0" ipr="none" |
| 16 | + submissionType="IETF" consensus="yes" |
16 | 17 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
17 | 18 |
|
18 | 19 | <?rfc toc="yes" ?> |
|
57 | 58 | </address> |
58 | 59 | </author> |
59 | 60 |
|
60 | | - <date day="24" month="April" year="2025" /> |
| 61 | + <date day="2" month="September" year="2025" /> |
61 | 62 |
|
62 | 63 | <workgroup>OpenID Connect Working Group</workgroup> |
63 | 64 |
|
|
313 | 314 | Client Authentication methods supported by the Client. |
314 | 315 | If a <spanx style="verb">token_endpoint_auth_method</spanx> |
315 | 316 | metadata parameter is also present, its value MUST be in the list. |
| 317 | + Also see the discussion of this parameter in |
| 318 | + <xref target="ClientAuthMethods"/>. |
316 | 319 | </t> |
317 | 320 |
|
318 | 321 | <t hangText="token_endpoint_auth_signing_alg_values_supported"> |
|
416 | 419 | </t> |
417 | 420 | </section> |
418 | 421 |
|
| 422 | + <section anchor="ClientAuthMethods" title="Client Authentication Methods Supported"> |
| 423 | + <t> |
| 424 | + The <spanx style="verb">token_endpoint_auth_methods_supported</spanx> |
| 425 | + metadata value is used, in practice, to indicate the |
| 426 | + Client Authentication Methods supported at any Authorization Server endpoint, |
| 427 | + not just the Token Endpoint. |
| 428 | + For instance, these same methods MUST be supported at |
| 429 | + the Revocation Endpoint <xref target="RFC7009"/>, |
| 430 | + the Introspection Endpoint <xref target="RFC7662"/>, and |
| 431 | + the Pushed Authorization Request Endpoint <xref target="RFC9126"/>, |
| 432 | + when they exist. |
| 433 | + </t> |
| 434 | + <t> |
| 435 | + It is a consensus position within the OpenID Connect working group that |
| 436 | + it was a mistake to create separate |
| 437 | + <spanx style="verb">revocation_endpoint_auth_methods_supported</spanx> and |
| 438 | + <spanx style="verb">introspection_endpoint_auth_methods_supported</spanx> |
| 439 | + Authorization Server Metadata parameters in <xref target="RFC8414"/>. |
| 440 | + This aligns with the decision by the OAuth Working group to use the |
| 441 | + <spanx style="verb">token_endpoint_auth_methods_supported</spanx> and |
| 442 | + <spanx style="verb">token_endpoint_auth_method</spanx> metadata parameters |
| 443 | + to describe the capabilities of the |
| 444 | + Pushed Authorization Request (PAR) Endpoint <xref target="RFC9126"/>, |
| 445 | + rather than creating new parameters that were PAR-specific. |
| 446 | + </t> |
| 447 | + <t> |
| 448 | + Consequently, this specification does not create |
| 449 | + <spanx style="verb">revocation_endpoint_auth_methods_supported</spanx> or |
| 450 | + <spanx style="verb">introspection_encryption_enc_values_supported</spanx> |
| 451 | + Client Metadata parameters. |
| 452 | + </t> |
| 453 | + </section> |
| 454 | + |
419 | 455 | <section anchor="ImplementationConsiderations" title="Implementation Considerations"> |
420 | 456 | <t> |
421 | 457 | To facilitate interoperability with implementations not supporting |
|
836 | 872 | <references title="Normative References"> |
837 | 873 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> |
838 | 874 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6749.xml"/> |
| 875 | + <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7009.xml"/> |
| 876 | + <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7662.xml"/> |
839 | 877 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> |
| 878 | + <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9126.xml"/> |
840 | 879 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9701.xml"/> |
841 | 880 |
|
842 | 881 | <reference anchor="OpenID.Core" target="https://openid.net/specs/openid-connect-core-1_0.html"> |
|
1092 | 1131 | <references title="Informative References"> |
1093 | 1132 |
|
1094 | 1133 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7591.xml"/> |
| 1134 | + <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8414.xml"/> |
1095 | 1135 |
|
1096 | 1136 | </references> |
1097 | 1137 |
|
|
1142 | 1182 | <section anchor="History" title="Document History"> |
1143 | 1183 | <t>[[ To be removed from the approved Final Specification ]]</t> |
1144 | 1184 |
|
| 1185 | + <t> |
| 1186 | + -03 |
| 1187 | + <list style="symbols"> |
| 1188 | + <t> |
| 1189 | + Stated that the |
| 1190 | + <spanx style="verb">token_endpoint_auth_methods_supported</spanx> |
| 1191 | + metadata value is used to indicate the Client Authentication Methods |
| 1192 | + supported at any Authorization Server endpoint. |
| 1193 | + </t> |
| 1194 | + </list> |
| 1195 | + </t> |
| 1196 | + |
1145 | 1197 | <t> |
1146 | 1198 | -02 |
1147 | | - <list style="symbols"> |
| 1199 | + <list style="symbols"> |
1148 | 1200 | <t> |
1149 | 1201 | Added multi-valued metadata parameters based on single-valued metadata parameters |
1150 | 1202 | in <xref target="CIBA.Core"/>, <xref target="JARM"/>, and <xref target="RFC9701"/>. |
|
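Review bot: The closing paragraph of the new ClientAuthMethods section (new line 450) names `introspection_encryption_enc_values_supported`, which looks like a copy-paste slip. The paragraph before it is about `revocation_endpoint_auth_methods_supported` and `introspection_endpoint_auth_methods_supported`, so the line should presumably read `<spanx style="verb">introspection_endpoint_auth_methods_supported</spanx>`. As written, the text disclaims an encryption-related name instead, which may also clash with the RFC 9701-based parameters mentioned in the -02 history entry, and it leaves implementers unsure whether an introspection-specific client authentication parameter exists. The first paragraph says the same methods "MUST be supported" at the Revocation, Introspection and PAR endpoints; it would help to add a sentence on how a Client should treat an Authorization Server that also publishes the RFC 8414 per-endpoint lists with different values, because that mismatch decides which client authentication method is actually enforced. Minor: "OAuth Working group" on new line 440 should be "OAuth Working Group".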