The OAuth 2.0 Authorization Server Metadata spec is now RFC 8414, so the references in Grant Sec 2 and 7.2 (and 9.1) and FedAuthz Sec 2 and 9.1 (and 11.1) need to be updated at the appropriate time. Our most recent reference was to rev 8, and it got to rev 10 before RFC publication. The intervening Document History bullets mention some (potentially) relevant items for us to check up on, to wit:
Clarified the meaning of "case-insensitive", as suggested by Alexey Melnikov.
Revised the transformation between the issuer identifier and the authorization server metadata location to conform to BCP 190, as suggested by Adam Roach.
Defined the characters allowed in registered metadata names and values, as suggested by Alexey Melnikov.
Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbell.
The OAuth 2.0 Authorization Server Metadata spec is now RFC 8414, so the references in Grant Sec 2 and 7.2 (and 9.1) and FedAuthz Sec 2 and 9.1 (and 11.1) need to be updated at the appropriate time. Our most recent reference was to rev 8, and it got to rev 10 before RFC publication. The intervening Document History bullets mention some (potentially) relevant items for us to check up on, to wit: