client_ secret_ expires_ at
Registry Context
When an authorization server issues a client secret, the client information response is required to include `client_secret_expires_at`, indicating when the secret expires or using `0` if it does not expire.
Technical Summary
RFC 7591 defines `client_secret_expires_at` in the client information response. It is REQUIRED if `client_secret` is issued. Its value is the expiration time expressed as seconds since 1970-01-01T00:00:00Z, measured in UTC, or `0` if the secret will not expire.
When Used
Used in a dynamic client registration client information response when the authorization server issues a `client_secret`.
Normative Requirements
Authorization servers
RFC 7591 - Section 3.2.1
include `client_secret_expires_at` in the client information response.
Condition: if `client_secret` is issued
`client_secret_expires_at` is "REQUIRED if \"client_secret\" is issued."
Validation Guidance
Reject a client information response that contains `client_secret` but omits `client_secret_expires_at`.
Validate that a nonzero value represents seconds from 1970-01-01T00:00:00Z, measured in UTC, until the expiration date and time.
Accept `0` to indicate that the client secret will not expire.
Reference
Details
- Entry Id
client_secret_ expires_ at - Client Metadata Name
client_secret_ expires_ at - Client Metadata Description
Time at which the client secret will expire- Change Controller
IESG- Reference
RFC7591