oauth2.dev

requested_token_type

IESG

Registry Context

`requested_token_type` is an optional token exchange request parameter that identifies the type of security token the client is requesting.

Technical Summary

In an RFC 8693 token exchange request, `requested_token_type` carries a token type identifier. Section 3 specifies that token type identifiers are URIs.

When Used

Use it when requesting a particular output token type in an OAuth 2.0 token exchange. If omitted, the authorization server chooses the issued token type.

Normative Requirements

Clients

OPTIONAL
1
  1. RFC 8693 - Section 2.1

    Include the `requested_token_type` parameter to identify the type of security token requested..

    Condition: When making a token exchange request.

    requested_token_type OPTIONAL. An identifier, as described in Section 3, for the type of the requested security token.

Unspecified actor

MAY
1
  1. RFC 8693 - Section 3

    Use token type identifier URIs other than those defined by RFC 8693 to indicate other token types..

    Other URIs MAY be used to indicate other token types.

Validation Guidance

info

Accept omission of `requested_token_type` as valid input.

error

When present, verify that `requested_token_type` is a URI representing a token type identifier.

info

Do not restrict the value to token type identifiers defined by RFC 8693; other URI identifiers are permitted.

info

Treat the value as an identifier describing the requested token type, not as the requested token itself.

Reference

Details

Entry Id
requested_token_type
Name
requested_token_type
Parameter Usage Location
token request
Change Controller
IESG
Reference
RFC8693 - Section 2.1