OAuth 2.0 Authorization Server Issuer Identification
RFC 9207, “OAuth 2.0 Authorization Server Issuer Identification”, is a Proposed Standard document published in March 2022 by K. Meyer zu Selhausen and D. Fett. The canonical text is published by the RFC Editor.
Abstract
This document specifies a new parameter called iss. This parameter is used to explicitly include the issuer identifier of the authorization server in the authorization response of an OAuth authorization flow. The iss parameter serves as an effective countermeasure to "mix-up attacks".
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9207 is hosted at rfc-editor.org. It is available in HTML, TXT, PDF, and XML.