The OAuth Authorization Server Metadata specification has been updated to address feedback received from IESG members. Changes were:
- Revised the transformation between the issuer identifier and the authorization server metadata location to conform to BCP 190, as suggested by Adam Roach.
- Defined the characters allowed in registered metadata names and values, as suggested by Alexey Melnikov.
- Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbell.
- Acknowledged additional reviewers.
The specification is available at:
An HTML-formatted version is also available at: