OAuth 2.0 Authorization Server Issuer Identification

RFC 9207

Abstract

This document specifies a new parameter called iss. This parameter is used to explicitly include the issuer identifier of the authorization server in the authorization response of an OAuth authorization flow. The iss parameter serves as an effective countermeasure to "mix-up attacks".

Document Information

RFC Number: 9207
Category: Standards Track
Published: March 2022
Authors:
- Karsten Meyer zu Selhausen (Hackmanit)
- Daniel Fett (yes.com)

Introduction
Response Parameter iss
Authorization Server Metadata
Security Considerations
IANA Considerations
References

Acknowledgements
Authors' Addresses

Abstract​

Document Information​

Table of Contents​

Abstract

Document Information

Table of Contents