OAuth 2.0 - Extensibility


Access token types can be defined in two ways:

  • By registering them in the access token types registry.

  • By using a unique absolute URI (Uniform Resource Identifier) as the name.

Defining New Endpoint Parameters

Parameter names must conform to the param-name ABNF, and the syntax of parameter values must be well-defined. (ABNF, Augmented Backus-Naur Form, is a metalanguage based on Backus-Naur Form with its own syntax and derivation rules.)

param-name = 1*name-char
name-char = "-" / "." / "_" / DIGIT / ALPHA

Defining New Authorization Grant Types

New authorization grant types can be assigned a distinct absolute URI for use with the "grant_type" parameter. The extension grant type must be registered in the OAuth parameters registry if it requires additional token endpoint parameters.

Defining New Authorization Endpoint Response Types

response-type = response-name *(SP response-name)
response-name = 1*response-char
response-char = "_" / DIGIT / ALPHA

If a response type contains one or more space characters, it is compared as a space-delimited list of values in which the order of the values does not matter. Only one order of values can be registered.

Defining Additional Error Codes

Extension error codes must be registered if the extension they are used with is either a registered access token type or a registered endpoint parameter. An error code must conform to the error ABNF and, when possible, should be prefixed by an identifying name.

error = 1*error-char
error-char = %x20-21 / %x23-5B / %x5D-7E
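
The three ABNF rules above and the order-insensitive response type comparison, as an added example that is not part of the original page: a strict validator a server could apply before acting on extension values. The function names, the SUPPORTED set and the sample inputs are constructed for illustration, and rejecting duplicate response-type values is an assumption.

```python
import re

# ABNF rules from this page as regular expressions. ALPHA and DIGIT are
# ASCII-only, so the classes are spelled out (\w and \d also match Unicode).
PARAM_NAME = re.compile(r"[-._0-9A-Za-z]+")                 # 1*name-char
RESPONSE_NAME = re.compile(r"[_0-9A-Za-z]+")                # 1*response-char
ERROR_CODE = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]+")  # 1*error-char


def is_param_name(value: str) -> bool:
    # fullmatch, not match(...$): "$" would accept a trailing newline.
    return PARAM_NAME.fullmatch(value) is not None


def is_error_code(value: str) -> bool:
    # The ranges exclude '"' (0x22), '\' (0x5C), controls and non-ASCII.
    return ERROR_CODE.fullmatch(value) is not None


def parse_response_type(value: str) -> frozenset:
    """Validate against the response-type ABNF; return an unordered set."""
    names = value.split(" ")  # exactly one SP between response-names
    if not all(RESPONSE_NAME.fullmatch(n) for n in names):
        raise ValueError(f"malformed response_type: {value!r}")
    if len(set(names)) != len(names):
        # Assumption: duplicates are rejected (the page does not say).
        raise ValueError(f"duplicate value in response_type: {value!r}")
    return frozenset(names)


# Constructed sample: the response types a hypothetical server supports.
SUPPORTED = {parse_response_type(rt) for rt in ("code", "code id_token")}


def is_supported(requested: str) -> bool:
    """Order-insensitive lookup; malformed input is rejected, not repaired."""
    try:
        return parse_response_type(requested) in SUPPORTED
    except ValueError:
        return False


if __name__ == "__main__":
    for rt in ("id_token code", "code  id_token", "token", "code\n"):
        print(repr(rt), is_supported(rt))
```

Comparing parsed sets instead of raw strings means "id_token code" and "code id_token" resolve to the same entry, while a doubled space or trailing newline is refused outright.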