IEC International ISO Standard ISO/IEC26138 First edition Information technology - OpenID 2024-10 connect OAuth 2.0 multiple response type encoding practices Reference number ISO/IEC 26138:2024(en) @ISO/IEC2024 IS0/IEC 26138:2024(en) COPYRIGHT PROTECTED DOCUMENT @IS0/IEC2024 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either Iso at the address below orIso'smemberbody inthecountryoftherequester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone:+41227490111 Email: Website: Published in Switzerland IS0/IEC 2024 - All rights reserved ii IS0/IEC 26138:2024(en) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are membersofIsOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with IsO and IEC, also take part in the work. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted (see experts/refdocs). IsO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). IsO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at and IsO and IEC shall not be held responsible for identifying any or all such patent rights. Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation of the voluntary nature of standards, the meaning of Iso specific terms and expressions related to conformity assessment, as well as information about Iso's adherence to the In the IEC, see This document was prepared by the OpenID Foundation (OIDF) (as OAuth 2.0 Multiple Response Type Encoding Practices) and drafted in accordance with its editorial rules. It was adopted, under the JTC 1 PAS procedure, by Joint Technical Committee ISO/IEC JTC 1, Information technology. Anyfeedbackorquestionsonthisdocumentshouldbedirectedtotheuser'snational standardsbody.A complete listing of these bodies can be found at and committees. IS0/IEC 2024 - All rights reserved iii

