The OAuth Token Binding specification has been revised to use the Referred 
Token Binding ID when performing token binding of access tokens.  This was 
enabled by the Implementation Considerations in the Token Binding HTTPS 
specification being added to make it clear that Token Binding implementations 
will enable using the Referred Token Binding ID in this manner.  Protected 
Resource Metadata was also defined.

Thanks to Brian Campbell for clarifications on the differences between token 
binding of access tokens issued from the authorization endpoint versus those 
issued from the token endpoint.

The specification is available at:


An HTML-formatted version is also available at:


                                                       -- Mike

P.S.  This notice was also posted at and as 

OAuth mailing list

Reply via email to