OAuth 2.0 Authorization Server Metadata

Fleeting

• Référence externe : https://datatracker.ietf.org/doc/html/rfc8414#section-1
• Référence externe : https://datatracker.ietf.org/doc/html/rfc8414#section-2
• Référence externe : https://datatracker.ietf.org/doc/html/rfc8414#section-3
• Référence externe : https://datatracker.ietf.org/doc/html/rfc8414
• see,
  • well-known uniform resource identifiers,
  • OpenID Connect Discovery,

metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server

— https://datatracker.ietf.org/doc/html/rfc8414#section-2

By default, the well-known URI string used is “/.well-known/oauth-authorization-server”.

— https://datatracker.ietf.org/doc/html/rfc8414#section-3

The following is a non-normative example response:

HTTP/1.1 200 OK Content-Type: application/json

{ “issuer”: “https://server.example.com”, “authorization_endpoint”: “https://server.example.com/authorize”, “token_endpoint”: “https://server.example.com/token”, “token_endpoint_auth_methods_supported”: [“client_secret_basic”, “private_key_jwt”], “token_endpoint_auth_signing_alg_values_supported”: [“RS256”, “ES256”], “userinfo_endpoint”: “https://server.example.com/userinfo”, “jwks_uri”: “https://server.example.com/jwks.json”, “registration_endpoint”: “https://server.example.com/register”, “scopes_supported”: [“openid”, “profile”, “email”, “address”, “phone”, “offline_access”], “response_types_supported”: [“code”, “code token”], “service_documentation”: “http://server.example.com/service_documentation.html”, “ui_locales_supported”: [“en-US”, “en-GB”, “en-CA”, “fr-FR”, “fr-CA”] }

— https://datatracker.ietf.org/doc/html/rfc8414#section-3

Authorization servers can have metadata describing their configuration. The following authorization server metadata values are used by this specification and are registered in the IANA “OAuth Authorization Server Metadata” registry established in Section 7.1:

[…]

jwks_uri

OPTIONAL. URL of the authorization server’s JWK Set [JWK] document. The referenced document contains the signing key(s) the client uses to validate signatures from the authorization server. This URL MUST use the “https” scheme. The JWK Set MAY also contain the server’s encryption key or keys, which are used by clients to encrypt requests to the server. When both signing and encryption keys are made available, a “use” (public key use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key’s intended usage.

— https://datatracker.ietf.org/doc/html/rfc8414#section-2

This specification generalizes the metadata format defined by “OpenID Connect Discovery 1.0” [OpenID.Discovery] in a way that is compatible with OpenID Connect Discovery while being applicable to a wider set of OAuth 2.0 use cases.

— https://datatracker.ietf.org/doc/html/rfc8414#section-1

Notes pointant ici

• how do I create an OAuth 2.0/OIDC resource server? (blog)
• How do you discover the OAuth2 server configuration?
• JSON Web Key Sets
• JWT Access Tokens profile for OAuth 2.0
• link with well-known/oauth-authorization-server and well-known/openid-configuration
• playing with auth0 for the first time

Permalink