oauth2.dev

op_policy_uri

IESG

Registry Context

An optional authorization server metadata URL where the person registering a client can read the authorization server's requirements for how the client may use data provided by the server.

Technical Summary

The op_policy_uri authorization server metadata member contains a URL describing the authorization server's requirements for client use of data provided by the authorization server. When present, the registration process should display the URL to the person registering the client.

When Used

Used during client registration to present the authorization server's data-use requirements to the person registering the client.

Normative Requirements

Authorization servers

OPTIONAL
1
  1. RFC 8414 - Section 2

    Provide op_policy_uri as a URL where the person registering the client can read the authorization server's requirements for client use of data provided by the server..

    OPTIONAL. URL that the authorization server provides to the person registering the client to read about the authorization server's requirements

registration process

SHOULD
1
  1. RFC 8414 - Section 2

    Display the op_policy_uri URL to the person registering the client..

    Condition: if op_policy_uri is given

    The registration process SHOULD display this URL to the person registering the client if it is given.

Validation Guidance

error

If op_policy_uri is present, verify that its value is a URL.

warning

If op_policy_uri is present in metadata used by a registration process, verify that the process displays the URL to the person registering the client.

Reference

Details

Entry Id
op_policy_uri
Metadata Name
op_policy_uri
Metadata Description
URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server
Change Controller
IESG
Reference
RFC8414 - Section 2