Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7521, “Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants”, is a Proposed Standard document published in May 2015 by B. Campbell, C. Mortimore, M. Jones, and Y. Goland. The canonical text is published by the RFC Editor.
Abstract
This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint; general processing rules are also specified.
The intent of this specification is to provide a common framework for OAuth 2.0 to interwork with other identity systems using assertions and to provide alternative client authentication mechanisms.
Note that this specification only defines abstract message flows and processing rules. In order to be implementable, companion specifications are necessary to provide the corresponding concrete instantiations.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7521 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 7520 Examples of Protecting Content Using JSON Object Signing and Encryption
- RFC 7522 Security Assertion Markup Language 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC 7519 JSON Web Token
- RFC 7523 JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC 7518 JSON Web Algorithms
- RFC 7524 Inter-Area Point-to-Multipoint Segmented Label Switched Paths
- RFC 7517 JSON Web Key
- RFC 7525 Recommendations for Secure Use of Transport Layer Security and Datagram Transport Layer Security