3. IANA Considerations
3.1. OAuth Token Introspection Response Registry
This specification establishes the "OAuth Token Introspection Response" registry.
OAuth registration client metadata names and descriptions are registered by Specification Required [RFC5226] after a two-week review period on the [email protected] mailing list, on the advice of one or more Designated Experts. However, to allow for the allocation of names prior to publication, the Designated Expert(s) may approve registration once they are satisfied that such a specification will be published.
Registration requests sent to the mailing list for review should use an appropriate subject (e.g., "Request to register OAuth Token Introspection Response name: example").
Within the review period, the Designated Expert(s) will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful.
IANA must only accept registry updates from the Designated Expert(s) and should direct all requests for registration to the review mailing list.
3.1.1. Registration Template
Name: The name requested (e.g., "example"). This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted. Names that match claims registered in the "JSON Web Token Claims" registry established by [RFC7519] SHOULD have comparable definitions and semantics.
Description: Brief description of the metadata value (e.g., "Example description").
Change controller: For Standards Track RFCs, state "IESG". For other documents, give the name of the responsible party. Other details (e.g., postal address, email address, home page URI) may also be included.
Specification document(s): Reference to the document(s) that specify the token endpoint authorization method, preferably including a URI that can be used to retrieve a copy of the document(s). An indication of the relevant sections may also be included but is not required.
3.1.2. Initial Registry Contents
The initial contents of the "OAuth Token Introspection Response" registry are as follows:
- Name: "active"
- Description: Token active status
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "username"
- Description: User identifier of the resource owner
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "client_id"
- Description: Client identifier of the client
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "scope"
- Description: Authorized scopes of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "token_type"
- Description: Type of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "exp"
- Description: Expiration timestamp of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "iat"
- Description: Issuance timestamp of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "nbf"
- Description: Timestamp before which the token is not valid
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "sub"
- Description: Subject of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "aud"
- Description: Audience of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "iss"
- Description: Issuer of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).

- Name: "jti"
- Description: Unique identifier of the token
- Change Controller: IESG
- Specification Document(s): Section 2.2 of RFC 7662 (this document).