oauth2.dev

actor_token_type

IESG

Registry Context

`actor_token_type` identifies the type of security token supplied in `actor_token`. It is required when `actor_token` is present and must not be included otherwise. Token type identifiers are URIs.

Technical Summary

In an RFC 8693 token exchange request, `actor_token_type` is the token type identifier for `actor_token`. The authorization server must apply the validation procedures appropriate to the indicated actor token type when an actor token is present.

When Used

Used in OAuth 2.0 Token Exchange requests that include an `actor_token` representing the acting party.

Normative Requirements

Clients

MUST NOT
1
  1. RFC 8693 - Section 2.1

    Include `actor_token_type` in the token exchange request..

    Condition: When `actor_token` is absent from the request.

    MUST NOT be included otherwise.

REQUIRED
1
  1. RFC 8693 - Section 2.1

    Include `actor_token_type` in the token exchange request..

    Condition: When `actor_token` is present in the request.

    This is REQUIRED when the actor_token parameter is present in the request.

MAY
1
  1. RFC 8693 - Section 3

    Use another URI to indicate an additional token type..

    Condition: When none of the token type identifiers defined by RFC 8693 is appropriate.

    Other URIs MAY be used to indicate other token types.

Authorization servers

MUST
1
  1. RFC 8693 - Section 2.1

    Perform the validation procedures appropriate for the actor token's indicated token type..

    Condition: When an actor token is present.

    The authorization server MUST perform the appropriate validation procedures for the indicated token type and, if the actor token is present, also perform the appropriate validation procedures for its indicated token type.

Validation Guidance

error

Reject requests that include `actor_token` without `actor_token_type`.

error

Reject requests that include `actor_token_type` without `actor_token`.

error

Verify that `actor_token_type` is a URI identifying the supplied actor token's type.

error

Validate the actor token using the procedures appropriate for the token type identified by `actor_token_type`.

Security Notes

RFC 8693 - Section 2.1

When an actor token is present, the authorization server must validate it using the procedures appropriate for its indicated token type.

Reference

Details

Entry Id
actor_token_type
Name
actor_token_type
Parameter Usage Location
token request
Change Controller
IESG
Reference
RFC8693 - Section 2.1