OAuth 2.0 - Extensibility
There are two ways in which the access token types can be defined −
By registering in the access token type's registry.
By using a unique absolute URI (Uniform Resource Identifier) as its name.
Defining New Endpoint Parameters
Parameter names must obey the param-name ABNF (Augmented Backus-Naur Form is a metalanguage based on Backus-Naur Form consisting of its own syntax and derivation rules) and the syntax of parameter values must be well-defined.
param-name = 1* name-char name-char = "-" / "." / "_" / DIGIT / ALPHA
Defining New Authorization Grant Types
New authorization grant types can be assigned a distinct absolute URI for use, with the help of "grant_type" parameter. The extension grant type must be registered in the OAuth parameters registry, if it requires additional token endpoint parameters.
Defining New Authorization Endpoint Response Types
response-type = response-name *(SP response-name) response-name = 1* response-char response-char = "_" / DIGIT / ALPHA
The response type is compared as space-delimited list of values, if it has one or more space characters where the order of the values does not matter and only one order of value can be registered.
Defining Additional Error Codes
The extension error codes must be registered, if the extensions they use are either a registered access token, or a registered endpoint parameter. The error code must obey the error ABNF (Augmented Backus-Naur Form) and when possible it should be prefixed by a name identifying it.
error = 1 * error_char error-char = %x20-21 / %x23-5B / 5D-7E