oauth2.dev

actor_token

IESG

Registry Context

An optional token exchange request parameter containing a security token that represents the acting party's identity.

Technical Summary

In an RFC 8693 token exchange request, actor_token represents the acting party. When present, actor_token_type is required, and the authorization server validates the actor token according to its indicated token type.

When Used

Used when a token exchange involves an acting party, typically one authorized to use the requested security token and act on behalf of the subject.

Normative Requirements

Clients

MUST NOT
1
  1. RFC 8693 - Section 2.1

    include actor_token_type..

    Condition: When actor_token is absent from the request.

    actor_token_type MUST NOT be included otherwise.

REQUIRED
1
  1. RFC 8693 - Section 2.1

    include actor_token_type..

    Condition: When actor_token is present in the request.

    This is REQUIRED when the actor_token parameter is present in the request.

OPTIONAL
1
  1. RFC 8693 - Section 2.1

    The actor_token parameter is optional in a token exchange request..

    Condition: When making an OAuth 2.0 token exchange request.

    actor_token OPTIONAL. A security token that represents the identity of the acting party.

Authorization servers

MUST
1
  1. RFC 8693 - Section 2.1

    perform the appropriate validation procedures for the actor token's indicated token type..

    Condition: When actor_token is present in the request.

    the authorization server MUST perform the appropriate validation procedures for the indicated token type and, if the actor token is present, also perform the appropriate validation procedures for its indicated token type.

Validation Guidance

error

Verify that actor_token_type is included whenever actor_token is present.

error

Verify that actor_token_type is not included when actor_token is absent.

error

When actor_token is present, validate it using the procedures appropriate for the token type indicated by actor_token_type.

info

Do not require actor_token in every token exchange request.

Reference

Details

Entry Id
actor_token
Name
actor_token
Parameter Usage Location
token request
Change Controller
IESG
Reference
RFC8693 - Section 2.1