OAuth IANA Considerations
What is meant by IANA?
- IANA stands for Internet Assigned Numbers Authority.
- It provides information about the registration values related to the Remote Authentication Dial In User Service (RADIUS).
IANA includes the following considerations:
OAuth Access Token Types Registry:
- OAuth access token types are registered by experts with the required specification.
- Only if the experts are satisfied with the registration will they publish the specification.
- The registration request is sent to the @ietf.org for review with the subject ("Request for access token type: example").
- Experts will either reject or accept the request within 14 days of the request.
Registration Template:
The registration template contains the following specifications −
- Type Name − It is the name requested.
- Token Endpoint Response Parameters − Additional access token response parameters are registered separately in the OAuth Parameters Registry.
- HTTP Authentication Scheme − The HTTP authentication scheme that can be used to authenticate requests for resources by using the access token.
- Change Controller − State "IETF" for Standards Track RFCs; for others, give the name of the responsible party.
- Specification Document − It references the document containing the specification, in a form that can be used to retrieve a copy of the document.
OAuth Parameters Registry:
- The OAuth Parameters Registry contains registrations of authorization endpoint request or response parameters and token endpoint request or response parameters, made by the experts with the required specification.
- The registration request is sent to the experts, and if they are satisfied with the registration, they will publish the specification.
Registration Template:
The registration template contains specifications such as Type Name, Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section, plus the following specification −
- Parameter Usage Location − It specifies the location of the parameter, such as authorization request or response, token request or response.
Initial Registry Contents:
The following table shows OAuth parameters registry containing the initial contents −
Sr.No. | Parameter Name | Usage Location | Change Controller | Specification Document |
---|---|---|---|---|
1 | client_id | authorization request, token request | IETF | RFC 6749 |
2 | client_secret | token request | IETF | RFC 6749 |
3 | response_type | authorization request | IETF | RFC 6749 |
4 | redirect_uri | authorization request, authorization | IETF | RFC 6749 |
5 | scope | authorization request or response, token request or response | IETF | RFC 6749 |
6 | state | authorization request or response | IETF | RFC 6749 |
7 | code | token request, authorization response | IETF | RFC 6749 |
8 | error_description | authorization response, token response | IETF | RFC 6749 |
9 | error_uri | authorization response, token response | IETF | RFC 6749 |
10 | grant_type | token request | IETF | RFC 6749 |
11 | access_token | authorization response, token response | IETF | RFC 6749 |
12 | token_type | authorization response, token response | IETF | RFC 6749 |
13 | expires_in | authorization response, token response | IETF | RFC 6749 |
14 | username | token request | IETF | RFC 6749 |
15 | password | token request | IETF | RFC 6749 |
16 | refresh_token | token request, token response | IETF | RFC 6749 |
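The usage locations in the table can be checked mechanically: a parameter such as client_secret is registered only for the token request, so finding it in an authorization request URL means a credential is travelling in a query string. The following Python is an added example, not part of the original tutorial; the function names, host names and sample URLs are constructed for illustration, and the registry dictionary follows the table except where the comment cites RFC 6749 section 11.2.2.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

AR, AP, TR, TP = ("authorization request", "authorization response",
                  "token request", "token response")

# Transcribed from the table above, with two entries taken from RFC 6749
# section 11.2.2: redirect_uri's second location (token request) and the
# error parameter, which the table does not list.
REGISTRY = {
    "client_id": {AR, TR}, "client_secret": {TR}, "response_type": {AR},
    "redirect_uri": {AR, TR}, "scope": {AR, AP, TR, TP}, "state": {AR, AP},
    "code": {TR, AP}, "error": {AP, TP}, "error_description": {AP, TP},
    "error_uri": {AP, TP}, "grant_type": {TR}, "access_token": {AP, TP},
    "token_type": {AP, TP}, "expires_in": {AP, TP}, "username": {TR},
    "password": {TR}, "refresh_token": {TR, TP},
}

def check_params(location, pairs):
    """Return sorted (parameter, issue) findings for (name, value) pairs at `location`."""
    findings = []
    for name, count in Counter(n for n, _ in pairs).items():
        if count > 1:
            # RFC 6749 section 3.1: parameters must not be included more than once.
            findings.append((name, "duplicate"))
        allowed = REGISTRY.get(name)
        if allowed is None:
            # Not an initial registration; an extension may have registered it later.
            findings.append((name, "not in initial registry"))
        elif location not in allowed:
            findings.append((name, "registered only for: " + ", ".join(sorted(allowed))))
    return sorted(findings)

def audit_authorization_url(url):
    """Check the query string of an authorization request URL."""
    return check_params(AR, parse_qsl(urlsplit(url).query))

# Constructed sample URLs (hypothetical host, client and values).
GOOD = ("https://as.example/authorize?response_type=code&client_id=app1"
        "&redirect_uri=https%3A%2F%2Fclient.example%2Fcb&scope=read&state=xyz")
BAD = ("https://as.example/authorize?response_type=code&client_id=app1"
       "&client_secret=s3cr3t&state=a&state=b&foo=1")

if __name__ == "__main__":
    print(audit_authorization_url(GOOD))
    for finding in audit_authorization_url(BAD):
        print(finding)
```

A "not in initial registry" finding is a prompt to check the current IANA registry, since extensions register further parameters after RFC 6749.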
OAuth Authorization Endpoint Response Type Registry:
- This section defines the OAuth Authorization Endpoint Response Type Registry.
- The response types are registered by experts with the required specification, and only if they are satisfied with the registration will they publish the specification.
- The registration request is sent to the @ietf.org for review. The experts will either reject or accept the request within 14 days of the request.
Registration Template:
- The registration template contains specifications such as Type Name, Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section.
Initial Registry Contents:
The following table shows the authorization endpoint response type registry containing the initial contents.
Sr.No. | Parameter Name | Change Controller | Specification Document |
---|---|---|---|
1 | code | IETF | RFC 6749 |
2 | token | IETF | RFC 6749 |
OAuth Extensions Error Registry:
- This section defines the OAuth Extensions Error Registry.
- Error codes used along with protocol extensions such as grant types, token types, etc. are registered by experts with the required specification.
- If the experts are satisfied with the registration, they will publish the specification.
- The registration request is sent to the @ietf.org for review with the subject ("Request for error code: example").
- Experts will either reject or accept the request within 14 days of the request.
Registration Template:
The registration template contains specifications such as Change Controller and Specification Document as defined in the above OAuth Access Token Types Registry section, plus the following specifications −
- Error Name − It is the name requested.
- Error Usage Location − It specifies where the error can be used, such as the authorization code grant error response, the implicit grant response or the token error response.
- Related Protocol Extension − It names the protocol extension the error code is used with, such as an extension grant type, access token type or extension parameter.