features.clientIdMetadataDocument
draft-ietf-oauth-client-id-metadata-document-01 - OAuth Client ID Metadata Document (CIMD)
Specifies whether the authorization server shall support resolving client metadata from HTTPS URLs used as client_id values. When enabled, if a client_id is an HTTPS URL conforming to the specification’s requirements, the authorization server shall fetch the client metadata document from that URL and use it as the client’s registration data, without requiring prior client registration.
default value:
{
  ack: undefined,
  allowClient: [AsyncFunction: allowClient], // see expanded details below
  allowFetch: [AsyncFunction: allowFetch], // see expanded details below
  cacheDuration: { max: 86400, min: 30 },
  enabled: false
}
features.clientIdMetadataDocument options details
allowClient
Specifies a helper function that shall be invoked every time a client resolved from a metadata document is about to be used, including when served from cache. This function enables per-request evaluation of trust and authorization policies for metadata-document-resolved clients. Return true to allow the client, or false to reject it.
default value:
async allowClient(ctx, client) {
  return true;
}
allowFetch
Specifies a helper function that shall be invoked before fetching a client metadata document from a client_id URL. This function enables enforcement of domain allowlisting, rate limiting, or other security policies. Return true to allow the fetch, or false to reject the client_id.
default value:
async allowFetch(ctx, clientId) {
  return true;
}
cacheDuration
Specifies the minimum and maximum cache duration bounds (in seconds) applied to HTTP cache headers when caching fetched client metadata documents. Cache-Control and Expires response headers are respected within these bounds.
default value:
{
  max: 86400,
  min: 30
}
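An added example, not part of this documentation, showing one way to write the allowFetch and allowClient helpers described above: an exact-match hostname allowlist plus a per-host fetch budget. The hostnames, limits, and the helper names allowlistedHost and fetchPermitted are constructed for illustration, and it assumes the resolved client exposes its URL as client.clientId.

```javascript
// Added example: policy helpers for features.clientIdMetadataDocument.
// Hostnames and limits below are constructed placeholders, not project defaults.
const ALLOWED_HOSTS = new Set(['client.example.com', 'apps.example.org']);
const WINDOW_MS = 60_000; // rate-limit window
const MAX_FETCHES = 3;    // metadata fetches allowed per host per window
const fetchLog = new Map(); // hostname -> timestamps of recent allowed fetches

// Returns the hostname if the client_id is an allowlisted HTTPS URL, else null.
function allowlistedHost(clientId) {
  let url;
  try {
    url = new URL(clientId);
  } catch {
    return null; // not a URL at all
  }
  if (url.protocol !== 'https:') return null;
  // Exact-match allowlist: IP literals, localhost and lookalike domains all fail here.
  return ALLOWED_HOSTS.has(url.hostname) ? url.hostname : null;
}

// Synchronous core of the fetch policy so it can be tested with a fixed clock.
function fetchPermitted(clientId, now = Date.now()) {
  const host = allowlistedHost(clientId);
  if (!host) return false;
  const recent = (fetchLog.get(host) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_FETCHES) {
    fetchLog.set(host, recent);
    return false; // over budget: reject the client_id instead of fetching
  }
  recent.push(now);
  fetchLog.set(host, recent);
  return true;
}

const clientIdMetadataDocument = {
  enabled: true,
  // Invoked before the metadata document is fetched from the client_id URL.
  async allowFetch(ctx, clientId) {
    return fetchPermitted(clientId);
  },
  // Invoked on every use, including cache hits, so removing a host from the
  // allowlist takes effect without waiting for cached metadata to expire.
  async allowClient(ctx, client) {
    return allowlistedHost(client.clientId) !== null; // assumes client.clientId holds the URL
  },
};
```

The in-memory Map only limits fetches within one process; a deployment with several provider instances would need a shared store for the counters.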