3.4. Client Registration Metadata

The following new client metadata parameter is introduced to convey the client's intention to use certificate-bound access tokens:

tls_client_certificate_bound_access_tokens

OPTIONAL. Boolean value used to indicate the client's intention to use mutual-TLS client certificate-bound access tokens. If omitted, the default value is false.

Note that if a client that has indicated the intention to use mutual-TLS client certificate-bound tokens makes a request to the token endpoint over a non-mutual-TLS connection, it is at the authorization server's discretion as to whether to return an error or issue an unbound token.