oauth2.dev

contacts

IESG

Registry Context

Contact information for people responsible for an OAuth client, typically email addresses. The authorization server may expose these addresses to end-users for client support.

Technical Summary

The `contacts` client metadata field is a JSON array of strings representing ways to contact people responsible for the client.

When Used

Used in client registration metadata to provide support or administrative contact details for the client.

Normative Requirements

Authorization servers

MAY
1
  1. RFC 7591 - Section 2

    Make the contact addresses available to end-users for client support requests..

    Condition: When processing or presenting the `contacts` metadata.

    The authorization server MAY make these contact addresses available to end-users for support requests for the client.

Implementations

OPTIONAL
1
  1. RFC 7591 - Section 2

    Implement and use the `contacts` client metadata field optionally, unless stated otherwise by an applicable specification..

    The implementation and use of all client metadata fields is OPTIONAL, unless stated otherwise.

Validation Guidance

error

When present, verify that `contacts` is a JSON array and that every array element is a string.

Security Notes

RFC 7591 - Section 6

Contact information can be exposed to end-users and will be available to authorization server administrators, creating a privacy consideration for the responsible parties.

Reference

Details

Entry Id
contacts
Client Metadata Name
contacts
Client Metadata Description
Array of strings representing ways to contact people responsible for this client, typically email addresses
Change Controller
IESG
Reference
RFC7591