Skip to content

Releases: oauth-wg/draft-ietf-oauth-client-id-metadata-document

Draft -00

08 Oct 18:44
@aaronpk aaronpk
draft-ietf-oauth-client-id-metadata-document-00
111fe8d

Choose a tag to compare

View all tags
Draft -00 Latest
Latest

Copy of previous individual draft as an adopted draft

Assets 2
Loading

Draft -03

23 Jul 01:25
@aaronpk aaronpk
draft-parecki-oauth-client-id-metadata-document-03
3aafad4

Choose a tag to compare

View all tags
Draft -03
  • Prohibit all forms of symmetric client authentication, not just client secret
  • Added recommendations for development when clients are not on the web
  • Added reference to HTTP Caching RFC9111
  • Added security considerations around domain trust and changes in client keys
  • Updated references
Loading

Draft -02

10 Jan 00:54
@aaronpk aaronpk
draft-parecki-oauth-client-id-metadata-document-02
d69da84
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Draft -02
  • Added security consideration around displaying logos to end users
  • Changed query string parameters in Client ID Metadata Document URLs to "SHOULD NOT", since this encourages bad security practices (e.g., minting documents based on query string parameters)
  • Added prohibition on the client_secret_expires_at property, as it is not relevant for Client ID Metadata Documents.
  • Added security consideration for development use-cases.
Loading

Draft -01

08 Jul 16:25
@aaronpk aaronpk
draft-parecki-oauth-client-id-metadata-document-01
bab0ab4

Choose a tag to compare

View all tags
Draft -01
  • Added recommendation of max metadata document size
  • Changed metadata property reference to IANA registry instead of Dynamic Client Registration
Loading

Draft -00

02 Jul 21:13
@aaronpk aaronpk
draft-parecki-oauth-client-id-metadata-document-00
4acdf47

Choose a tag to compare

View all tags
Draft -00

Initial publication

Loading