Use token_endpoint_auth_methods_supported for all AS endpoints

selfissued · selfissued · commit f8f833046374 · 2025-09-01T17:24:18.000-07:00
diff --git a/openid-connect-rp-metadata-choices-1_0.xml b/openid-connect-rp-metadata-choices-1_0.xml
@@ -13,6 +13,7 @@
   be taken to indicate.
 -->
 <rfc category="std" docName="openid-connect-rp-metadata-choices-1_0" ipr="none"
+     submissionType="IETF" consensus="yes"
      xmlns:xi="http://www.w3.org/2001/XInclude">
 
   <?rfc toc="yes" ?>
@@ -57,7 +58,7 @@
       </address>
     </author>
 
-    <date day="24" month="April" year="2025" />
+    <date day="30" month="August" year="2025" />
 
     <workgroup>OpenID Connect Working Group</workgroup>
 
@@ -313,6 +314,8 @@
 	    Client Authentication methods supported by the Client.
 	    If a <spanx style="verb">token_endpoint_auth_method</spanx>
 	    metadata parameter is also present, its value MUST be in the list.
+	    Also see the discussion of this parameter in
+	    <xref target="ClientAuthMethods"/>.
 	  </t>
 
 	  <t hangText="token_endpoint_auth_signing_alg_values_supported">
@@ -416,6 +419,38 @@
       </t>
     </section>
 
+    <section anchor="ClientAuthMethods" title="Client Authentication Methods Supported">
+      <t>
+	The <spanx style="verb">token_endpoint_auth_methods_supported</spanx>
+	metadata value is used, in practice, to indicate the
+	Client Authentication Methods supported at any Authorization Server endpoint,
+	not just the Token Endpoint.
+	For instance, these same methods MUST be supported at
+	the Revocation Endpoint <xref target="RFC7009"/>,
+	the Introspection Endpoint <xref target="RFC7662"/>, and
+	the Pushed Authorization Request Endpoint <xref target="RFC9126"/>,
+	when they exist.
+      </t>
+      <t>
+	It is a consensus position within the OpenID Connect working group that
+	it was a mistake to create separate
+	<spanx style="verb">revocation_endpoint_auth_method</spanx> and
+	<spanx style="verb">introspection_endpoint_auth_method</spanx>
+	Client Metadata parameters.
+	This aligns with the decision by the OAuth Working group to use the
+	<spanx style="verb">token_endpoint_auth_methods_supported</spanx> and
+	<spanx style="verb">token_endpoint_auth_method</spanx> parameters
+	to describe the capabilities of the Pushed Authorization Request (PAR) Endpoint,
+	rather than creating new parameters that were PAR-specific.
+      </t>
+      <t>
+	Consequently, this specification does not create
+	<spanx style="verb">revocation_endpoint_auth_methods_supported</spanx> or
+	<spanx style="verb">introspection_encryption_enc_values_supported</spanx>
+	endpoints.
+      </t>
+    </section>
+
     <section anchor="ImplementationConsiderations" title="Implementation Considerations">
       <t>
 	To facilitate interoperability with implementations not supporting
@@ -836,7 +871,10 @@
     <references title="Normative References">
       <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
       <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6749.xml"/>
+      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7009.xml"/>
+      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7662.xml"/>
       <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
+      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9126.xml"/>
       <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9701.xml"/>
 
       <reference anchor="OpenID.Core" target="https://openid.net/specs/openid-connect-core-1_0.html">
@@ -1142,9 +1180,21 @@
     <section anchor="History" title="Document History">
       <t>[[ To be removed from the approved Final Specification ]]</t>
 
+      <t>
+	-03
+	<list style="symbols">
+	  <t>
+	    Stated that the
+	    <spanx style="verb">token_endpoint_auth_methods_supported</spanx>
+	    metadata value is used to indicate the Client Authentication Methods
+	    supported at any Authorization Server endpoint.
+	  </t>
+	</list>
+      </t>
+
       <t>
 	-02
-  <list style="symbols">
+	<list style="symbols">
 	  <t>
 	    Added multi-valued metadata parameters based on single-valued metadata parameters
 	    in <xref target="CIBA.Core"/>, <xref target="JARM"/>, and <xref target="RFC9701"/>.
