Technical Summary
This specification defines a metadata format that an OAuth 2.0 client
can use to obtain the information needed to interact with an OAuth
2.0 authorization server, including its endpoint locations and
authorization server capabilities.
Working Group Summary
Work on a discovery mechanism for OAuth was planned since a long
time but it took till late 2015 before a document was submitted
to the group, which re-used work done in the OpenID Foundation.
When the WGLC was started in 2016, see
https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html,
feedback resulted in refocusing the scope of the specification,
removing everything except for the authorization server metadata.
Now, almost a year later these concerns have been resolved and
the document is ready for publication.
Document Quality
The document scope has been changed to capture current deployment
practice.
There are 34 authorization server and 9 OAuth client implementations
listed at http://openid.net/certification/ that implement metadata
compatible with the AS metadata specification.
(See the "Config OP" and "Config RP" columns.)
Microsoft and Google are using this specification in deployment.
Personnel
Hannes Tschofenig is the document shepherd and the responsible area
director is Eric Rescorla.