OAuth 2.0 - IANA Considerations


Advertisements


IANA stands for Internet Assigned Numbers Authority which provides the information about the registration values related to the Remote Authentication Dial In User Service (RADIUS).

IANA includes the following considerations −

OAuth Access Token Types Registry

OAuth access tokens are registered by experts with required specification. If they are satisfied with the registration, only then they will publish the specification. The registration request will be sent to the @ietf.org for reviewing with the subject ("Request for access token type: example"). Experts will either reject or accept the request within 14 days of the request.

Registration Template

The registration template contains the following specifications −

  • Type Name − It is the name of the request.

  • Token Endpoint Response Parameters − The additional access token response parameter will be registered separately in OAuth parameters registry.

  • HTTP Authentication Scheme − The HTTP authentication scheme can be used to authenticate the resources by using the access token.

  • Change Controller − Give the state name as "IETF" for standard track RFCs, and for others, use the name of the responsible party.

  • Specification Document − The specification document contains the parameter that can be used to retrieve a copy of the document.

OAuth Parameters Registry

OAuth parameters registry contains registration of authorization endpoint request or response, token endpoint request or response by the experts with the required specification. The registration request will be sent to the experts and if they are satisfied with registration, then they will publish the specification.

Registration Template

The registration template contains specifications such as Type Name, Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section, except the following specification −

Parameter Usage Location − It specifies the location of the parameter such as authorization request or response, token request or response.

Initial Registry Contents

The following table shows OAuth parameters registry containing the initial contents −

Sr.No. Parameter Name & Usage Location Change Controller Specification Document
1

client_id

authorization request, token request

IETF RFC 6749
2

client_secret

token request

IETF RFC 6749
3

response_type

authorization_request

IETF RFC 6749
4

redirect_uri

authorization request, authorization

IETF RFC 6749
5

scope

authorization request or response, token request or response

IETF RFC 6749
6

state

authorization request or response

IETF RFC 6749
7

code

token request, authorization response

IETF RFC 6749
8

error_description

authorization response, token response

IETF RFC 6749
9

error_uri

authorization response, token response

IETF RFC 6749
10

grant_type

token request

IETF RFC 6749
11

access_token

authorization response, token response

IETF RFC 6749
12

token_type

authorization response, token response

IETF RFC 6749
13

expires_in

authorization response, token response

IETF RFC 6749
14

username

token request

IETF RFC 6749
15

password

token request

IETF RFC 6749
16

refresh_token

token request, token response

IETF RFC 6749

OAuth Authorization Endpoint Response Type Registry

This can be used to define OAuth Authorization Endpoint Response Type Registry. The response types are registered by experts with the required specification and if they are satisfied with the registration, only then they will publish the specification. The registration request will be sent to the @ietf.org for reviewing. The experts will either reject or accept the request within 14 days of the request.

Registration Template

The registration template contains specifications such as Type Name, Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section.

Initial Registry Contents

The following table shows the authorization endpoint response type registry containing the initial contents.

Sr.No. Parameter Name Change Controller Specification Document
1 code IETF RFC 6749
2 token IETF RFC 6749

OAuth Extensions Error Registry

This can be used to define OAuth Extensions Error Registry. The error codes along with protocol extensions such as grant types, token types, etc. are registered by experts with the required specification. If they are satisfied with the registration, then they will publish the specification. The registration request will be sent to the @ietf.org for reviewing with subject ("Request for error code: example"). Experts will either reject or accept the request within 14 days of the request.

Registration Template

The registration template contains specifications such as Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section, except the following specifications −

  • Error Name − It is the name of the request.

  • Error Usage Location − It specifies the location of the error such as authorization code grant error response, implicit grant response or token error response, etc, which specifies where the error can be used.

  • Related Protocol Extension − You can use protocol extensions such as extension grant type, access token type, extension parameter, etc.



Advertisements
E-Books Store