4. IANA Considerations

4.1. OAuth Dynamic Client Registration Metadata Registry

This specification establishes the "OAuth Dynamic Client Registration Metadata" registry.

OAuth registration client metadata names and descriptions are registered with a Specification Required ([RFC5226]) after a two-week review period on the [email protected] mailing list, on the advice of one or more Designated Experts. However, to allow for the allocation of names prior to publication, the Designated Experts may approve registration once they are satisfied that such a specification will be published, per [RFC7120].

Registration requests sent to the mailing list for review should use an appropriate subject (e.g., "Request to register OAuth Dynamic Client Registration Metadata name: example").

Within the review period, the Designated Experts will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful.

IANA must only accept registry updates from the Designated Experts and should direct all requests for registration to the review mailing list.

4.1.1. Registration Template

Client Metadata Name: The name requested (e.g., "example"). This name is case sensitive. Names that match other registered names in a case-insensitive manner SHOULD NOT be accepted.

Client Metadata Description: Brief description of the metadata value (e.g., "Example description").

Change Controller: For Standards Track RFCs, list "IESG". For others, give the name of the responsible party. Other details (e.g., postal address, email address, home page URI) may also be included.

Specification Document(s): Reference to the document or documents that specify the client metadata definition, preferably including a URI that can be used to retrieve a copy of the documents. An indication of the relevant sections may also be included but is not required.

4.1.2. Initial Registry Contents

The initial contents of the "OAuth Dynamic Client Registration Metadata" registry are:

Client Metadata Name: "redirect_uris"
Client Metadata Description: Array of redirection URIs for use in redirect-based flows
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "token_endpoint_auth_method"
Client Metadata Description: Requested authentication method for the token endpoint
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "grant_types"
Client Metadata Description: Array of OAuth 2.0 grant types that the client may use
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "response_types"
Client Metadata Description: Array of the OAuth 2.0 response types that the client may use
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_name"
Client Metadata Description: Human-readable name of the client to be presented to the user
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_uri"
Client Metadata Description: URL of a web page providing information about the client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "logo_uri"
Client Metadata Description: URL that references a logo for the client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "scope"
Client Metadata Description: Space-separated list of OAuth 2.0 scope values
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "contacts"
Client Metadata Description: Array of strings representing ways to contact people responsible for this client, typically email addresses
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "tos_uri"
Client Metadata Description: URL that points to a human-readable terms of service document for the client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "policy_uri"
Client Metadata Description: URL that points to a human-readable policy document for the client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "jwks_uri"
Client Metadata Description: URL referencing the client's JSON Web Key Set [RFC7517] document representing the client's public keys
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "jwks"
Client Metadata Description: Client's JSON Web Key Set [RFC7517] document representing the client's public keys
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "software_id"
Client Metadata Description: Identifier for the software that comprises a client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "software_version"
Client Metadata Description: Version identifier for the software that comprises a client
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_id"
Client Metadata Description: Client identifier
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_secret"
Client Metadata Description: Client secret
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_id_issued_at"
Client Metadata Description: Time at which the client identifier was issued
Change Controller: IESG
Specification Document(s): RFC 7591
Client Metadata Name: "client_secret_expires_at"
Client Metadata Description: Time at which the client secret will expire
Change Controller: IESG
Specification Document(s): RFC 7591

4.2. OAuth Token Endpoint Authentication Methods Registry

This specification establishes the "OAuth Token Endpoint Authentication Methods" registry.

Additional values for use as "token_endpoint_auth_method" values are registered with a Specification Required ([RFC5226]) after a two-week review period on the [email protected] mailing list, on the advice of one or more Designated Experts. However, to allow for the allocation of values prior to publication, the Designated Experts may approve registration once they are satisfied that such a specification will be published, per [RFC7120].

Registration requests must be sent to the [email protected] mailing list for review and comment, with an appropriate subject (e.g., "Request to register token_endpoint_auth_method value: example").

IANA must only accept registry updates from the Designated Experts and should direct all requests for registration to the review mailing list.

4.2.1. Registration Template

Token Endpoint Authentication Method Name: The name requested (e.g., "example"). This name is case sensitive. Names that match other registered names in a case-insensitive manner SHOULD NOT be accepted.

Specification Document(s): Reference to the document or documents that specify the token endpoint authentication method, preferably including a URI that can be used to retrieve a copy of the document or documents. An indication of the relevant sections may also be included but is not required.

4.2.2. Initial Registry Contents

The initial contents of the "OAuth Token Endpoint Authentication Methods" registry are:

Token Endpoint Authentication Method Name: "none"
Change Controller: IESG
Specification Document(s): RFC 7591
Token Endpoint Authentication Method Name: "client_secret_post"
Change Controller: IESG
Specification Document(s): RFC 7591
Token Endpoint Authentication Method Name: "client_secret_basic"
Change Controller: IESG
Specification Document(s): RFC 7591

4.1. OAuth Dynamic Client Registration Metadata Registry​

4.1.1. Registration Template​

4.1.2. Initial Registry Contents​

4.2. OAuth Token Endpoint Authentication Methods Registry​

4.2.1. Registration Template​

4.2.2. Initial Registry Contents​