none
Registry Context
The `none` token endpoint authentication method identifies a public client that has no client secret and does not authenticate at the token endpoint.
Technical Summary
RFC 7591 defines `none` as a `token_endpoint_auth_method` value for a public client, as defined by RFC 6749, that has no client secret. Registered authentication method names are case-sensitive.
When Used
Use `none` when registering a public client that will not authenticate at the token endpoint.
Normative Requirements
Authorization servers
RFC 6749 - Section 2.3
rely on public client authentication to identify the client.
Condition: when a client is public
The authorization server MUST NOT rely on public client authentication for the purpose of identifying the client.
Implementations
RFC 7591 - Section 2
implement and use the token_endpoint_auth_method client metadata field.
Condition: unless another provision states otherwise
The implementation and use of all client metadata fields is OPTIONAL, unless stated otherwise.
registration authorities
RFC 7591 - Section 4.2.1
accept a requested authentication method name that matches another registered name case-insensitively.
Condition: when registering a token endpoint authentication method name
Names that match other registered names in a case-insensitive manner SHOULD NOT be accepted.
Validation Guidance
Do not require support for the `token_endpoint_auth_method` metadata field solely because `none` is registered.
When registering a new authentication method name, reject or flag a case-insensitive collision with an existing registered name.
Do not treat a public client's identifier or other non-secret value as authenticated client identity.
Security Notes
RFC 6749 - Section 2.3
Public clients cannot securely authenticate by maintaining confidential client credentials; an authorization server must not rely on such authentication to establish client identity.
Reference
Details
- Entry Id
none- Token Endpoint Authentication Method Name
none- Change Controller
IESG- Reference
RFC7591