One document matched: draft-wmills-oauth-lrdd-07.xml
<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd'>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc compact="no" ?>
<?rfc sortrefs="yes" ?>
<?rfc strict="yes" ?>
<?rfc linkmailto="yes" ?>
<rfc ipr="trust200902" docName="draft-wmills-oauth-lrdd-07.txt" category="info">
<front>
<title abbrev="Link Relation Registrations for OAuth 2">Link relation Type Registrations for OAuth 2</title>
<author fullname="William J. Mills" initials="W." surname="Mills">
<organization>Yahoo! Inc.</organization>
<address>
<postal>
<street/>
<city/>
<code/>
<region/>
<country/>
</postal>
<phone/>
<email>wmills_92105@yahoo.com</email>
</address>
</author>
<date year="2013"/>
<workgroup>Individual</workgroup>
<abstract>
<t>
Defines link relation type registrations for the OAuth 2
authentication framework and OAuth 1.0a.
</t>
</abstract>
</front>
<middle>
<!-- ******************************************************************** -->
<section title="Introduction">
<t>This document defines the link relation type <xref target="RFC5988"/> registrations for the
OAuth 2 <xref target="RFC6749"/> authentication framework and
for OAuth 1.0a <xref target="RFC5849"/>.
These link relation types are used during the discovery process by clients needing
to discover the entry points for OAuth authorization, token, and initiation for a service or site.
</t>
</section>
<!-- ******************************************************************** -->
<section anchor="terminology" title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in
<xref target="RFC2119"/>.</t>
<t>The reader is assumed to be familiar with the terms used in the OAuth 2
and OAuth 1.0a specifcations. OAuth uses the term "endpoint" instead of "entry point", this
document will generlaly use the term "entry point" unless an OAuth specific term is needed.</t>
</section>
<!-- ******************************************************************** -->
<section title="OAuth 2 Link Relation Types">
<t>OAuth 2 <xref target="RFC6749"/> defines two entry points which
a site or domain might need to advertize. These are the user authorization
endpoint (usually expected to be a web page the user interacts with) and the
token endpoint used for obtaining tokens used to access protected resources.
These are described in detail in Section 3 of the OAuth 2 specification.
</t>
<section title='The "oauth2-authorize" Link Relation Type'>
<t>
This link type indicates a resource that provides an OAuth 2 authorization endpoint
to be used for user authentication/authorization to grant access to
a protected resource.
</t>
</section>
<section title='The "oauth2-token" Link Relation Type'>
<t>
The OAuth 2 token endpoint to be used for obtaining tokens
to access protected services. This link type has two link-extensions:
<list><t>
<list style="hanging">
<t hangText="grant-types:">A space separated list of OAuth 2 grant
types (see section 4 of <xref target="RFC6749"/>) that can be
used at the token endpoint
to obtain a token. This is not an exclusive list, it provides a hint
to the application of what SHOULD be valid. A token endpoint MAY support
additional grant types not advertised by a discovery service. The client
MAY use this to determine the grant types available for use.
</t>
<t hangText="token-types:">A space separated list of OAuth 2 token types
(see section 7.1 of <xref target="RFC6749"/>)
that may be issued by the token endpoint. It is possible for a token endpoint
to issue multiple tokens, and types may vary based on scope or other factors.
This is not an exclusive list, it provides a hint
to the application of what SHOULD be valid, and it MAY be used by a client
to determine if the client supports one or more of the token type(s) available.
</t>
</list>
</t></list>
</t>
</section>
</section>
<section title="OAuth 1.0a Link Relation Types">
<t>
The OAuth 1.0a <xref target="RFC5849"/> protocol defines three entry points that a site
supporting OAuth 1.0a might advertize: the request
initiation endpoint, the authorization endpoint, and the token endpoint.
These are descibed in detail in Section 2 of the OAuth 1.0a specification.
</t>
<section title='The "oauth-initiate" Link Relation Type'>
<t>
The OAuth 1.0a entry point used to initiate the sequence, this short lived
request is what the user approves to grant access to the resource.
</t>
</section>
<section title='The "oauth-authorize" Link Relation Type'>
<t>
The OAuth 1.0a authorization entry point used to approve an access request. This
is expected to be a user facing web interface.
</t>
</section>
<section title='The "oauth-token" Link Relation Type'>
<t>
The OAuth 1.0a token API entry point used to exchange an approved access request
for a token, used by the client once the resource owner has approved the
access request.
</t>
</section>
</section>
<section title="Security Considerations">
<t> This document is informational, defining values in existing registries, and as such
has no security properties to discuss.
</t>
</section>
<!-- ******************************************************************** -->
<section title="IANA Considerations">
<section title="Link Type Registration">
<t> Pursuant to <xref target="RFC5988"/> The following link relation type registrations
[[will be]] registered by mail to link-relations@ietf.org.
</t>
<section title="OAuth 2: oauth2-authorize">
<t>
<list style='symbols'>
<t>
Relation Name: oauth2-authorize
</t>
<t>
Description: An OAuth 2 authorization endpoint to be used for user
authentication/authorization to grant access to a protected resource.
</t>
<t>
Reference: Section 3.1 of [[This Document]]
</t>
<t>
Notes:
</t>
<t>
Application Data: N/A
</t>
</list>
</t>
</section>
<section title="OAuth 2: oauth2-token">
<t>
<list style='symbols'>
<t>Relation Name: oauth2-token</t>
<t>
Description: The OAuth 2 token endpoint to be used for obtaining tokens
use to access a protected resource.
</t>
<t>
Reference: Section 3.2 of [[This Document]]
</t>
<t>
Notes: This link type has two link extension parameters: "grant-types" and
"token-types".
</t>
<t>
Application Data: N/A
</t>
</list>
</t>
</section>
<section title="OAuth 1.0a: oauth-initiate">
<t>
<list style='symbols'>
<t>Relation Name: oauth-initiate</t>
<t>
Description: The OAuth 1.0a request initiation endpoint used to get an access request.
</t>
<t>Reference: Section 4.1 of [[This Document]]</t>
<t>
Notes:
</t>
<t>Application Data: N/A</t>
</list>
</t>
</section>
<section title="OAuth 1.0a: oauth-authorize">
<t>
<list style='symbols'>
<t>Relation Name: oauth-authorize</t>
<t>
Description: The OAuth 1.0a authorization endpoint used to approve an access request.
</t>
<t>Reference: Section 4.2 of [[This Document]]</t>
<t>
Notes:
</t>
<t>Application Data: N/A</t>
</list>
</t>
</section>
<section title="OAuth 1.0a: oauth-token">
<t>
<list style='symbols'>
<t>Relation Name: oauth-token</t>
<t>
Description: The OAuth 1.0a token API endpoint used to exchange an approved access request
for a token, used by the client once the resource owner has approved the
access request.
</t>
<t>Reference: Section 4.3 of [[This Document]]</t>
<t>
Notes:
</t>
<t>Application Data: N/A</t>
</list>
</t>
</section>
</section>
</section>
<!-- ******************************************************************** -->
<!-- ******************************************************************** -->
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.5849.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.5988.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.6749.xml' ?>
</references>
<!--
<references title="Informative References">
</references>
-->
<section title='Document History'>
<t>
[[ to be removed by RFC editor before publication as an RFC ]]
</t>
<t>
-07
</t>
<t>
<list style='symbols'>
<t>
Editorial feedback & removed references.
</t>
<t>
Added specific text to note sections in the OAuth specs.
</t>
</list>
</t>
<t>
-06
</t>
<t>
<list style='symbols'>
<t>
Restructured the link extensions dscription into the prose, simplifying the IANA section.
</t>
</list>
</t>
<t>
-05
</t>
<t>
<list style='symbols'>
<t>
Changed the references to [[this document]] in the IANA parts.
</t>
<t>
Added a small ammount of text.
</t>
</list>
</t>
<t>
-04
</t>
<t>
<list style='symbols'>
<t>
Fixed the title.
</t>
<t>
Removed the examples.
</t>
</list>
</t>
<t>
-03
</t>
<t>
<list style='symbols'>
<t>
Corrected more typos and fixed the XRD for the examples, and small changes in the prose.
</t>
</list>
</t>
<t>
-02
</t>
<t>
<list style='symbols'>
<t>
Corrected typos. Added and example.
</t>
</list>
</t>
<t>
-01
</t>
<t>
<list style='symbols'>
<t>
Editorial changes, corrected authenticate to authrorize is most places, and added examples.
</t>
</list>
</t>
<t>
-00
</t>
<t>
<list style='symbols'>
<t>
Initial revision
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 20:42:45 |