oauth2.dev

revocation_endpoint_auth_methods_supported

IESG

Registry Context

This optional authorization server metadata field lists the client authentication methods supported by the revocation endpoint. If omitted, the default is client_secret_basic.

Technical Summary

revocation_endpoint_auth_methods_supported is an OPTIONAL OAuth Authorization Server Metadata member defined by RFC 8414 Section 2. Its value is a JSON array of client authentication method values registered in the IANA OAuth Token Endpoint Authentication Methods registry. If omitted, client_secret_basic is the default.

When Used

Published in OAuth authorization server metadata to describe client authentication methods supported by the revocation endpoint.

Normative Requirements

Authorization server metadata publishers

MUST NOT
1
  1. RFC 8414 - Section 2

    use none as a value in revocation_endpoint_auth_signing_alg_values_supported.

    Condition: when publishing signing algorithms supported for revocation endpoint client authentication

    The value "none" MUST NOT be used.

MUST
1
  1. RFC 8414 - Section 2

    include revocation_endpoint_auth_signing_alg_values_supported.

    Condition: if private_key_jwt or client_secret_jwt is specified in revocation_endpoint_auth_methods_supported

    This metadata entry MUST be present if either of these authentication methods are specified in the "revocation_endpoint_auth_methods_supported" entry.

OPTIONAL
1
  1. RFC 8414 - Section 2

    include the revocation_endpoint_auth_methods_supported metadata member.

    Condition: when publishing OAuth authorization server metadata

    OPTIONAL.

Validation Guidance

error

If the member is present, verify that its value is a JSON array.

error

Verify that every array element is registered in the IANA OAuth Token Endpoint Authentication Methods registry.

info

If the member is absent, apply client_secret_basic as the default.

error

If private_key_jwt or client_secret_jwt is listed, require revocation_endpoint_auth_signing_alg_values_supported.

error

Reject none in revocation_endpoint_auth_signing_alg_values_supported.

Reference

Details

Entry Id
revocation_endpoint_auth_methods_supported
Metadata Name
revocation_endpoint_auth_methods_supported
Metadata Description
JSON array containing a list of client authentication methods supported by this revocation endpoint
Change Controller
IESG
Reference
RFC8414 - Section 2