RFC 8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

RFC 8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens2020 RFC

February 2020

Publisher:

RFC Editor
United States

DOI:https://doi.org/10.17487/RFC8705

Published:01 February 2020

PDF eReader

Bibliometrics

Abstract

This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.

Cited By

Helmschmidt F, Hosseyni P, Küsters R, Pruiksma K, Waldmann C and Würtele T The Grant Negotiation and Authorization Protocol: Attacking, Fixing, and Verifying an Emerging Standard Computer Security – ESORICS 2023, (222-242)

Contributors

B Campbell
- Publication Years2012 - 2023
- Publication counts10
- Citation count6
- Available for Download10
- Downloads (cumulative)259
- Downloads (12 months)217
- Downloads (6 weeks)62
- Average Downloads per Article26
- Average Citation per Article1
View Full Profile
J Bradley
- Publication Years2015 - 2023
- Publication counts14
- Citation count31
- Available for Download14
- Downloads (cumulative)535
- Downloads (12 months)394
- Downloads (6 weeks)128
- Average Downloads per Article38
- Average Citation per Article2
View Full Profile
Natsuhiko Sakimura
Nomura Research Institute, Ltd.
- Publication Years2012 - 2021
- Publication counts10
- Citation count30
- Available for Download8
- Downloads (cumulative)431
- Downloads (12 months)240
- Downloads (6 weeks)85
- Average Downloads per Article54
- Average Citation per Article3
View Full Profile
T Lodderstedt
- Publication Years2020 - 2023
- Publication counts4
- Citation count4
- Available for Download4
- Downloads (cumulative)140
- Downloads (12 months)119
- Downloads (6 weeks)28
- Average Downloads per Article35
- Average Citation per Article1
View Full Profile

Index Terms

RFC 8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Index terms have been assigned to the content through auto-classification.

Comments

Browse RFC

Sections

Cited By

Index Terms

RFC 8693: OAuth 2.0 Token Exchange

RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

RFC 8414: OAuth 2.0 Authorization Server Metadata

Save to Binder

Sections

Cited By

Save to Binder

Index Terms

Recommendations

RFC 8693: OAuth 2.0 Token Exchange

RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

RFC 8414: OAuth 2.0 Authorization Server Metadata