tls_ client_ certificate_ bound_ access_ tokens
Registry Context
This optional authorization server metadata parameter indicates whether the server supports mutual-TLS client certificate-bound access tokens. If omitted, its default value is false.
Technical Summary
RFC 8705 Section 3.3 defines tls_client_certificate_bound_access_tokens as an optional Boolean authorization server metadata parameter that signals server support for mutual-TLS client certificate-bound access tokens. Its default value when omitted is false.
Normative Requirements
Authorization servers
RFC 8705 - Section 3.3
The tls_client_certificate_bound_access_tokens authorization server metadata parameter is optional..
“OPTIONAL. Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.”
Validation Guidance
When present, verify that tls_client_certificate_bound_access_tokens has a Boolean value.
If tls_client_certificate_bound_access_tokens is omitted, interpret its value as false.
Allow tls_client_certificate_bound_access_tokens to be absent from the authorization server metadata.
Reference
Details
- Entry Id
tls_client_ certificate_ bound_ access_ tokens - Metadata Name
tls_client_ certificate_ bound_ access_ tokens - Metadata Description
Indicates authorization server support for mutual-TLS client certificate-bound access tokens.- Change Controller
IESG- Reference
RFC8705 - Section 3.3