6. IANA Considerations
IANA has made the following registrations per this document.
6.1 OAuth Parameters Registry
This specification registers the following parameters in the IANA "OAuth Parameters" registry defined in OAuth 2.0 [RFC6749].
- Parameter name: code_verifier
- Parameter usage location: token request
- Change controller: IESG
- Specification document(s): RFC 7636 (this document)

- Parameter name: code_challenge
- Parameter usage location: authorization request
- Change controller: IESG
- Specification document(s): RFC 7636 (this document)

- Parameter name: code_challenge_method
- Parameter usage location: authorization request
- Change controller: IESG
- Specification document(s): RFC 7636 (this document)
6.2 PKCE Code Challenge Method Registry
This specification establishes the "PKCE Code Challenge Methods" registry. The new registry should be a sub-registry of the "OAuth Parameters" registry.
Additional "code_challenge_method" types for use with the authorization endpoint are registered using the Specification Required policy [RFC5226], which includes review of the request by one or more Designated Experts (DEs). The DEs will ensure that there is at least a two-week review of the request on the [email protected] mailing list and that any discussion on that list converges before they respond to the request. To allow for the allocation of values prior to publication, the Designated Expert(s) may approve registration once they are satisfied that an acceptable specification will be published.
Registration requests and discussion on the [email protected] mailing list should use an appropriate subject, such as "Request for PKCE code_challenge_method: example".
The Designated Expert(s) should consider the discussion on the mailing list, as well as the overall security properties of the challenge method when evaluating registration requests. New methods should not disclose the value of the code_verifier in the request to the Authorization endpoint. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful.
6.2.1 Registration Template
Code Challenge Method Parameter Name: The name requested (e.g., "example"). Because a core goal of this specification is for the resulting representations to be compact, it is RECOMMENDED that the name be short -- not to exceed 8 characters without a compelling reason to do so. This name is case-sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Expert(s) states that there is a compelling reason to allow an exception in this particular case.
Change Controller: For Standards Track RFCs, state "IESG". For others, give the name of the responsible party. Other details (e.g., postal address, email address, and home page URI) may also be included.
Specification Document(s): Reference to the document(s) that specifies the parameter, preferably including URI(s) that can be used to retrieve copies of the document(s). An indication of the relevant sections may also be included but is not required.
6.2.2 Initial Registry Contents
Per this document, IANA has registered the Code Challenge Method Parameter Names defined in Section 4.2 in this registry.
- Code Challenge Method Parameter Name: plain
- Change Controller: IESG
- Specification Document(s): Section 4.2 of RFC 7636 (this document)

- Code Challenge Method Parameter Name: S256
- Change Controller: IESG
- Specification Document(s): Section 4.2 of RFC 7636 (this document)