oauth2.dev

tls_client_certificate_bound_access_tokens

IESG

Registry Context

This optional authorization server metadata parameter indicates whether the server supports mutual-TLS client certificate-bound access tokens. If omitted, its default value is false.

Technical Summary

RFC 8705 Section 3.3 defines tls_client_certificate_bound_access_tokens as an optional Boolean authorization server metadata parameter that signals server support for mutual-TLS client certificate-bound access tokens. Its default value when omitted is false.

Normative Requirements

Authorization servers

OPTIONAL
1
  1. RFC 8705 - Section 3.3

    The tls_client_certificate_bound_access_tokens authorization server metadata parameter is optional..

    “OPTIONAL. Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.”

Validation Guidance

error

When present, verify that tls_client_certificate_bound_access_tokens has a Boolean value.

info

If tls_client_certificate_bound_access_tokens is omitted, interpret its value as false.

info

Allow tls_client_certificate_bound_access_tokens to be absent from the authorization server metadata.

Reference

Details

Entry Id
tls_client_certificate_bound_access_tokens
Metadata Name
tls_client_certificate_bound_access_tokens
Metadata Description
Indicates authorization server support for mutual-TLS client certificate-bound access tokens.
Change Controller
IESG
Reference
RFC8705 - Section 3.3