issued_
Registry Context
In a successful token exchange response, `issued_token_type` identifies the representation of the security token issued by the authorization server.
Technical Summary
RFC 8693 defines `issued_token_type` as a required top-level JSON member of a successful token exchange response. Its value is a token type identifier described in Section 3; token type identifiers are URIs.
When Used
Used in successful OAuth 2.0 token exchange responses to identify the representation of the issued security token.
Normative Requirements
Authorization servers
RFC 8693 - Section 2.2.1
include `issued_token_type` with a Section 3 identifier for the representation of the issued security token.
Condition: when constructing a successful token exchange response
“issued_token_type REQUIRED. An identifier, as described in Section 3, for the representation of the issued security token.”
Unspecified actor
RFC 8693 - Section 3
use other URI token type identifiers to indicate token types not defined by RFC 8693.
Condition: when indicating other token types
“Other URIs MAY be used to indicate other token types.”
Validation Guidance
Ensure `issued_token_type` is present in every successful token exchange response and identifies the representation of the issued security token.
Ensure the `issued_token_type` value is a URI.
Permit URI token type identifiers beyond those defined by RFC 8693.
Reference
Details
- Entry Id
issued_token_ type - Name
issued_token_ type - Parameter Usage Location
token response- Change Controller
IESG- Reference
RFC8693 - Section 2.2.1