revocation_ endpoint_ auth_ methods_ supported
Registry Context
This optional authorization server metadata field lists the client authentication methods supported by the revocation endpoint. If omitted, the default is client_secret_basic.
Technical Summary
revocation_endpoint_auth_methods_supported is an OPTIONAL OAuth Authorization Server Metadata member defined by RFC 8414 Section 2. Its value is a JSON array of client authentication method values registered in the IANA OAuth Token Endpoint Authentication Methods registry. If omitted, client_secret_basic is the default.
When Used
Published in OAuth authorization server metadata to describe client authentication methods supported by the revocation endpoint.
Normative Requirements
Authorization server metadata publishers
RFC 8414 - Section 2
use none as a value in revocation_endpoint_auth_signing_alg_values_supported.
Condition: when publishing signing algorithms supported for revocation endpoint client authentication
The value "none" MUST NOT be used.
RFC 8414 - Section 2
include revocation_endpoint_auth_signing_alg_values_supported.
Condition: if private_key_jwt or client_secret_jwt is specified in revocation_endpoint_auth_methods_supported
This metadata entry MUST be present if either of these authentication methods are specified in the "revocation_endpoint_auth_methods_supported" entry.
RFC 8414 - Section 2
include the revocation_endpoint_auth_methods_supported metadata member.
Condition: when publishing OAuth authorization server metadata
OPTIONAL.
Validation Guidance
If the member is present, verify that its value is a JSON array.
Verify that every array element is registered in the IANA OAuth Token Endpoint Authentication Methods registry.
If the member is absent, apply client_secret_basic as the default.
If private_key_jwt or client_secret_jwt is listed, require revocation_endpoint_auth_signing_alg_values_supported.
Reject none in revocation_endpoint_auth_signing_alg_values_supported.
Reference
Details
- Entry Id
revocation_endpoint_ auth_ methods_ supported - Metadata Name
revocation_endpoint_ auth_ methods_ supported - Metadata Description
JSON array containing a list of client authentication methods supported by this revocation endpoint- Change Controller
IESG- Reference
RFC8414 - Section 2