Internet-Draft draft-ietf-oauth-identity-assertion-authz-grant-04.txt is now
available. It is a work item of the Web Authorization Protocol (OAUTH) WG of
the IETF.
Title: Identity Assertion JWT Authorization Grant
Authors: Aaron Parecki
Karl McGuinness
Brian Campbell
Name: draft-ietf-oauth-identity-assertion-authz-grant-04.txt
Pages: 65
Dates: 2026-05-21
Abstract:
This specification provides a mechanism for an application to use an
identity assertion to obtain an access token for a third-party API by
coordinating through an identity provider that the downstream
Resource Authorization Server already trusts for single sign-on
(SSO), using Token Exchange [RFC8693] and JWT Profile for OAuth 2.0
Authorization Grants [RFC7523]. This pattern is informally referred
to as Cross-App Access (XAA).
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-04.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-identity-assertion-authz-grant-04
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
