oauth2.dev

authorization_details

IETF

Registry Context

Conveys an access token's authorization details in a token introspection response using the authorization-details structure defined by RFC 9396.

Technical Summary

A top-level member of the RFC 7662 introspection response JSON object whose value uses the RFC 9396 Section 2 array-of-objects structure and may be filtered or extended for the requesting resource server.

When Used

When an authorization server includes authorization detail information for a token in an introspection response.

Normative Requirements

Authorization servers

MUST
1
  1. RFC 9396 - Section 9.2

    convey authorization detail information using `authorization_details` as a top-level member of the introspection response JSON object.

    Condition: If it includes authorization detail information for the token in its introspection response.

    the information MUST be conveyed with authorization_details as a top-level member

`authorization_details` array

MAY
1
  1. RFC 9396 - Section 2

    contain multiple entries of the same type.

    MAY contain multiple entries of the same type

`authorization_details` member

MUST
1
  1. RFC 9396 - Section 9.2

    contain the same structure defined in Section 2, potentially filtered and extended for the resource server making the introspection request.

    Condition: When included in the introspection response.

    MUST contain the same structure defined in Section 2

each authorization-details object

REQUIRED
1
  1. RFC 9396 - Section 2

    contain a `type` field identifying the authorization details type.

    Condition: For each object in the `authorization_details` array.

    This field is REQUIRED.

Validation Guidance

error

When authorization detail information is conveyed in an introspection response, verify that it appears in the top-level `authorization_details` member.

error

Verify that `authorization_details` is an array of objects and that every object contains a string-valued `type` field.

info

Permit multiple objects with the same `type` value in the `authorization_details` array.

Reference

Details

Entry Id
authorization_details
Name
authorization_details
Description
The member authorization_details contains a JSON array of JSON objects representing the rights of the access token. Each JSON object contains the data to specify the authorization requirements for a certain type of resource.
Change Controller
IETF
Reference
RFC9396 - Section 9.2