tls_client_certificate_bound_access_tokens
Registry Context
This optional client metadata flag indicates that the client intends to use mutual-TLS client certificate-bound access tokens. If omitted, its default value is false.
Technical Summary
RFC 8705 Section 3.4 defines `tls_client_certificate_bound_access_tokens` as an optional Boolean client metadata parameter conveying the client's intention to use mutual-TLS client certificate-bound access tokens. Omission defaults to false. If a client indicating this intention requests a token over a non-mutual-TLS connection, the authorization server may, at its discretion, return an error or issue an unbound token.
When Used
Used as client registration metadata to convey an intention to use mutual-TLS client certificate-bound access tokens.
Normative Requirements
Clients
RFC 8705 - Section 3.4
include the Boolean `tls_client_certificate_bound_access_tokens` metadata parameter to indicate an intention to use mutual-TLS client certificate-bound access tokens.
Condition: when supplying client registration metadata
“OPTIONAL. Boolean value used to indicate the client's intention to use mutual-TLS client certificate-bound access tokens.”
Validation Guidance
If present, verify that `tls_client_certificate_bound_access_tokens` is a Boolean value.
If omitted, interpret `tls_client_certificate_bound_access_tokens` as false.
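The two validation rules above, together with the token-request behaviour from the Technical Summary, as an added example (not code from RFC 8705 or from this registry). The function names, the `strict` switch and the `"bound"`/`"unbound"`/`"error"` return values are hypothetical, and issuing an unbound token to a client that stated no intention is an assumption of this sketch.

```python
import json

PARAM = "tls_client_certificate_bound_access_tokens"

class InvalidClientMetadata(ValueError):
    """Registration metadata that fails validation."""

def wants_bound_tokens(metadata: dict) -> bool:
    """Return the client's stated intention; omission means false."""
    if PARAM not in metadata:
        return False
    value = metadata[PARAM]
    # Accept only JSON true/false. "true", 1 and null are rejected, not coerced,
    # so a typo cannot silently change which kind of token the client expects.
    if not isinstance(value, bool):
        raise InvalidClientMetadata(
            f"{PARAM} must be a JSON Boolean, got {type(value).__name__}")
    return value

def parse_registration(body: str) -> dict:
    """Parse a registration request body and store the normalized flag."""
    try:
        metadata = json.loads(body)
    except json.JSONDecodeError as exc:
        raise InvalidClientMetadata("body is not valid JSON") from exc
    if not isinstance(metadata, dict):
        raise InvalidClientMetadata("client metadata must be a JSON object")
    metadata[PARAM] = wants_bound_tokens(metadata)
    return metadata

def token_decision(metadata: dict, mtls: bool, strict: bool = True) -> str:
    """Hypothetical token-endpoint policy: 'bound', 'unbound' or 'error'."""
    if not wants_bound_tokens(metadata):
        return "unbound"  # assumption of this sketch: no intention, no binding
    if mtls:
        return "bound"
    # Intention stated but no mutual TLS on this request: the authorization
    # server chooses between an error (strict) and an unbound token.
    return "error" if strict else "unbound"

# Constructed sample registration bodies.
SAMPLES = ['{"client_name": "a"}', '{"%s": true}' % PARAM, '{"%s": "true"}' % PARAM]

if __name__ == "__main__":
    for body in SAMPLES:
        try:
            print(body, "->", parse_registration(body)[PARAM])
        except InvalidClientMetadata as exc:
            print(body, "-> rejected:", exc)
```

With `strict=True`, a client that registered the intention never receives a plain bearer token because one request arrived without a client certificate.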
Reference
Details
- Entry Id: `tls_client_certificate_bound_access_tokens`
- Client Metadata Name: `tls_client_certificate_bound_access_tokens`
- Client Metadata Description: Indicates the client's intention to use mutual-TLS client certificate-bound access tokens.
- Change Controller: IESG
- Reference: RFC8705 - Section 3.4