That is what I tried to propose to OSW and former IETF meetings through: https://github.com/identitymonk/draft-lombardo-oauth-client-extension-claims
it was for Claims in tokens but surely would applied to CIMD which I what I think you point at too on top of OAuth 2.1 Jean-François “Jeff” Lombardo | Amazon Web Services Architecte Principal de Solutions, Spécialiste de Sécurité Principal Solution Architect, Security Specialist Montréal, Canada Commentaires à propos de notre échange? Exprimez-vous ici. Thoughts on our interaction? Provide feedback here. -----Original Message----- From: Emelia S. <[email protected]> Sent: March 5, 2026 1:32 PM To: [email protected] Subject: [EXT] [OAUTH-WG] Is there an IANA Registry for Grant Types? CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque. Hi all, I just noticed that there doesn't seem to be an explicit registry of OAuth Grant Types defined anywhere, should there be such a registry kept with IANA for standardized grant types? https://datatracker.ietf.org/doc/html/rfc6749#section-8.3 > Defining New Authorization Grant Types New authorization grant types > can be defined by assigning them a unique absolute URI for use with the > "grant_type" parameter. If the extension grant type requires additional token > endpoint parameters, they MUST be registered in the OAuth Parameters registry > as described by Section 11.2. This just says the additional parameters must be registered, but nothing about the grant type itself besides it must be an absolute URI (urn's are often used). Would it be worth defining an explicit registry with IANA as part of OAuth 2.1? Yours, Emelia Smith _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
