add authorization server metadata (#164)

aaronpk · web-flow · commit 229be32818a0 · 2025-07-03T09:45:14.000+01:00
* add authorization server metadata adds authorization server metadata property to indicate which token types are supported in a token exchange request. closes #147 * fix token types supported description * `identity_chaining_requested_token_types_supported` clarify requested token type, not subject token type * reword `identity_chaining_requested_token_types_supported` from Pieter's feedback
diff --git a/draft-ietf-oauth-identity-chaining.md b/draft-ietf-oauth-identity-chaining.md
@@ -287,8 +287,32 @@ The authorization server in Domain A transcribes the claims in the JWT authoriza
 
 The representation of transcribed claims and their format is not defined in this specification.
 
+# Authorization Server Metadata {#authorization-server-metadata}
+
+The following authorization server metadata parameter is defined by this specification and is registered in the "OAuth Authorization Server Metadata" registry established in "OAuth 2.0 Authorization Server Metadata" {{RFC8414}}.
+
+{:vspace}
+identity_chaining_requested_token_types_supported
+: OPTIONAL. JSON array containing a list of Token Types that can be requested as a `requested_token_type` in the Token Exchange request when performing Identity and Authorization Chaining Across Domains. Authorization servers MAY choose not to advertise some supported requested token types even when this parameter is used, and lack of a value does not necessarily mean that the token type is unsupported.
+
+
 # IANA Considerations {#IANA}
 
+## OAuth Authorization Server Metadata Registry
+
+This specification defines the following parameter in the "OAuth Authorization Server Metadata" registry established in {{RFC8414}}.
+
+### Registry Contents
+
+* Metadata Name: `identity_chaining_requested_token_types_supported`
+* Metadata Description: JSON array containing a list of Token Type Identifiers supported as a `requested_token_type` in an Identity and Authorization Chaining Token Exchange ({{RFC8693}}) request.
+* Change Controller: IETF
+* Specification Document(s): {{authorization-server-metadata}}
+
+
+The registry records the supported token types that can be requested in an {{RFC8693}} Token Exchange.
+
+
 ## Media Types
 This specification does not define any new media types.
 
@@ -526,6 +550,7 @@ The editors would like to thank Joe Jubinski, Justin Richer, Dean H. Saxe, and o
 * Fix some toolchain complaints and other nitpicks
 * Added some Privacy Considerations
 * Move Mr. Parecki from acknowledgements to contributors in acknowledgement of his contributions
+* Added Authorization Server Metadata registry to publish supported Token Exchange requested token types
 
 -04
 
