In collaboration with Aaron Parecki<https://twitter.com/aaronpk>, the ability 
for OAuth 2.0 protected resource servers to return their resource identifiers 
via WWW-Authenticate has been added to the OAuth 2.0 Protected Resource 
Metadata specification. This enables clients to dynamically learn about and use 
protected resources they may have no prior knowledge of, including learning 
what authorization servers can be used with them.



This incorporates functionality originally incubated in 
draft-parecki-oauth-authorization-server-discovery-00<https://www.ietf.org/archive/id/draft-parecki-oauth-authorization-server-discovery-00.html>.
 Aaron and I had been asked to merge the functionality of our two drafts during 
an OAuth working group session at IETF 116. We're both happy with the result!



The specification is available at:
*        
https://www.ietf.org/archive/id/draft-jones-oauth-resource-metadata-04.html

                                                       -- Mike

P.S.  This notice was also posted at https://self-issued.info/?p=2377 and was 
referenced from https://twitter.com/selfissued/status/1677471513023508481.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to