Releases: oauth-wg/oauth-identity-assertion-authz-grant

version -01

19 Oct 19:39

  • Moved ID-JAG definition to document root instead of nested under Token Exchange
  • Added proposed OpenID Connect tenant claim
  • Added authentication claims from ID Token
  • Adopted standard OAuth 2.0 role names instead of Resource App or Resource App's Authorization Server
  • Updated sequence diagram
  • Updated all inconsistent references of ID-JAG to "Identity Assertion JWT Authorization Grant"
  • Updated section references with more specific links
  • Added reference to scope parameter in ID-JAG processing rules
  • Added a section discussing client ID mapping and reference to Client ID Metadata Document
  • Added recommendations for refresh tokens

version -00

08 Sep 20:55

Adopted by the WG as of 2025-09-08

https://mailarchive.ietf.org/arch/msg/oauth/UWl5i5ScHo6XBqqILFRu4rE91Cc/

Same content as -05 of the individual draft

draft-parecki-oauth-identity-assertion-authz-grant-05

02 Jul 23:18

Changes

  • Use both audience and resource to identify the resource application in #27
  • Add optional resource to indicate the resource server identifier
  • Added a section on how to advertise support in the IdP metadata

draft-parecki-oauth-identity-assertion-authz-grant-04

20 Jun 23:16

  • Rewrote intro
  • Standardized agent.read scope syntax
  • Improved section references to other specs
  • Editorial clarifications
  • Updated references to RFC9728
  • Changed "SHOULD NOT" to "MUST NOT" for issuing access tokens in response to an ID-JAG it issued itself

Thanks for the contributions and reviews: Kamron Batmanghelich, Sofia Desenberg, Pieter Kasselman, Kai Lehmann, Dean H. Saxe.

Full Changelog: draft-parecki-oauth-identity-assertion-authz-grant-03...draft-parecki-oauth-identity-assertion-authz-grant-04

draft-parecki-oauth-identity-assertion-authz-grant-03

23 Apr 00:09

Draft -02

20 Oct 21:48

  • Changed the aud property to the Issuer URL instead of the token endpoint

Draft -01

02 Jul 20:29

  • Corrected the scope property in the JWT to match token exchange and JWT access token profile
  • Formatting and editorial fixes
  • Updated definitions of ID-JAG properties

Draft -00

02 Mar 01:22

Initial publication