| Internet-Draft | extensions for RAR | February 2026 |
| Chen & Su | Expires 8 August 2026 | [Page] |
OAuth 2.0 Rich Authorization Requests (RAR), as defined in RFC 9396, provides a mechanism for clients to request fine-grained, structured authorization details. However, in emerging ecosystems of collaborating AI agents and long-running automated tasks, two critical authorization dimensions remain implicit: the required security assurance level of the authorization policy and the strict binding of authorization lifetime to a task's lifecycle.¶
This document extends the "authorization_details" object of RAR by introducing two new members: "policy_context" and "lifecycle_binding". The "policy_context" member allows a client to explicitly request that the authorization be evaluated and granted under a specific policy assurance level, mitigating policy downgrade attacks and enhancing user consent. The "lifecycle_binding" member enables the validity of an authorization grant to be tied directly to the state of an external entity, such as an automated task, ensuring permissions are automatically and immediately revoked upon task completion. These extensions provide a standardized way to achieve more secure, transparent, and context-aware authorization in complex, automated environments.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
OAuth 2.0 Rich Authorization Requests [RFC9396] significantly enhances the expressive power of authorization requests beyond simple string- based scopes. This enables clients, such as sophisticated AI agents, to articulate their needs with greater precision.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC2119 [RFC8174].¶
This document uses the terms "Authorization Server" (AS), "Client", "Resource Server" (RS), and "Access Token" as defined in The OAuth 2.0 Authorization Framework [RFC6749]. The term "authorization_details" is used as defined in Rich Authorization Requests [RFC9396].¶
This specification defines a new JSON object member, "policy_context", for the "authorization_details" object. This member allows a client to request that the authorization decision be subject to a specific set of policy constraints and assurance levels.¶
The "policy_context" member, if present, MUST be a JSON object. Its members provide context for the policy decision.¶
{ "assurance_level": "financial_grade_v1", "compliance_frameworks": ["pci-dss", "gdpr","iso27001"] }¶
A string that identifies the desired policy assurance level. This identifier MUST be from a list of values pre-defined and published by the authorization server. It serves as the primary input for the AS to select the appropriate set of evaluation rules (e.g., requiring MFA, performing risk analysis).This identifier MUST be one of the values advertised by the Authorization Server in its "policy_assurance_levels_supported" metadata entry (see Section 5).¶
An optional array of strings identifying specific compliance frameworks that the requested operation must adhere to. These string identifiers MUST be values from the "OAuth Policy Compliance Frameworks" registry established by this specification (see Section 10.3.2).¶
If the request is approved, the AS SHOULD include the validated "policy_context" object within the "authorization_details" claim of the issued JWT access token. This enables the resource server to perform its own local policy enforcement based on this context.¶
This specification defines another new JSON object member, "lifecycle_binding", for the "authorization_details" object. This member ties the authorization's validity to the lifecycle of an external entity.¶
The "lifecycle_binding" member, if present, MUST be a JSON object.¶
{ "type": "task_status_webhook", "task_id": "job-d4a3b2-8c7e-4f5a-9b1c-2d3e4f5a6b7c", "termination_states": ["COMPLETED", "FAILED", "CANCELLED"] }¶
The "type" member indicates the mechanism by which the AS can monitor the external entity's state.¶
Indicates that the external task provider will notify the AS of terminal state changes via a pre-configured webhook. The object MUST also contain:¶
o "task_id" (string): A unique identifier for the task. o "termination_states" (array of strings): A list of states that, once the task enters, will trigger the immediate revocation of the associated authorization.¶
Resource servers receiving tokens that contain a "lifecycle_binding" claim SHOULD NOT rely solely on the "exp" claim for validation. They MUST employ a mechanism to check for real-time revocation, such as subscribing to a revocation feed from the AS or using token introspection [RFC7662].¶
When a request is denied due to a failure in validating the "policy_context", the AS returns an error response with the following error code:¶
Error Code: policy_requirement_not_met Description: The requested "policy_context" is not supported or cannot be satisfied. The AS SHOULD include an "error_description" parameter to provide developers with more details about the failure.¶
Preventing Policy Downgrade Attacks: The "policy_context" member allows the AS to enforce that high-risk actions are always requested with a corresponding high-assurance policy context. The AS MUST reject requests where this mapping is violated, thus preventing a client from obtaining a privileged token under weak security pretenses.¶
Ensuring Timely Revocation: The "lifecycle_binding" member significantly reduces the risk window of compromised tokens for long-running tasks. The effectiveness of this mechanism is entirely dependent on the reliability of the state notification and revocation propagation systems. Implementations MUST include robust error handling and fallbacks. The token's "exp" claim serves as an essential fallback mechanism.¶
User Consent and Transparency: The structured nature of these new members allows the AS to present a far more intelligible and accurate consent screen to the user, leading to more meaningful and informed authorization decisions.¶
Reliability of External State Monitoring: The AS must trust the source of the lifecycle events (e.g., the task provider's webhook). Mechanisms such as mutual TLS authentication and request signing SHOULD be used to secure the communication channel for state updates.¶
The "policy_context" and "lifecycle_binding" members may contain information about the user's intended actions and associated tasks. This information must be handled with care by the AS and RS, subject to the system's overall privacy policy.¶
This specification requests the registration of the following value in the "OAuth Extensions Error Registry":¶
*Error Code: policy_requirement_not_met¶
This document based on RFC9396¶