Internet-Draft OAuth Authorization Evidence March 2026
Liu, et al. Expires 18 September 2026 [Page]
Workgroup:
Web Authorization Protocol
Internet-Draft:
draft-liu-oauth-authorization-evidence-00
Published:
Intended Status:
Standards Track
Expires:
Authors:
D. Liu
Alibaba Group
H. Zhu
Alibaba Group
S. Krishnan
Cisco
A. Parecki
Okta

Authorization Evidence and Audit Trail for OAuth 2.0 Access Tokens

Abstract

This specification defines JWT claims for including authorization evidence and audit trail information in OAuth 2.0 access tokens. These claims enable cryptographic proof of user consent, supporting accountability, compliance, and dispute resolution in scenarios where autonomous agents act on behalf of users.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 18 September 2026.

Table of Contents

1. Introduction

In traditional OAuth 2.0 flows, the Authorization Server records user consent internally, but this information is not typically conveyed to Resource Servers or included in access tokens. For many use cases, this is sufficient. However, emerging scenarios—particularly those involving AI agents acting autonomously on behalf of users—require stronger guarantees about user intent and consent.

This specification addresses the need for:

This specification defines two JWT claims: evidence for user confirmation records, and audit_trail for semantic traceability metadata.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals.

1.1.1. Applicability

While this specification is optimized for use with Pushed Authorization Requests (PAR) [RFC9126], the mechanism defined herein is designed to be general-purpose and MAY be used with various OAuth 2.0 authorization flows, including but not limited to:

  • Authorization Code Grant (with or without PAR);
  • Client Credentials Grant;
  • Token Exchange [RFC8693];
  • Resource Owner Password Credentials Grant.

Different authorization flows may have different security considerations when using this specification. Implementations SHOULD carefully evaluate the security implications based on their specific deployment scenario.

2. Terminology

User Confirmation:
An explicit action by the user (e.g., clicking "Allow") to approve an authorization request.
Displayed Content:
The human-readable description of the operation shown to the user during the consent flow.
Evidence:
A cryptographically signed record of user confirmation, including what was displayed and how the user responded.
Audit Trail:
Metadata that enables tracing from user intent through system interpretation to final authorized action.
Semantic Expansion:
The process of translating user intent (e.g., natural language) into concrete system operations.

3. The evidence Claim

The evidence claim contains a record of the user's confirmation action during the authorization process. It is included in access tokens to provide verifiable proof of user consent.

3.1. Claim Definition

Claim Name:
evidence
Claim Type:
Object
Usage:
Access tokens

3.2. Structure 

{
  "evidence": {
    "id": "evidence-abc123",
    "user_confirmation": {
      "displayed_content": "Add items under $50 to cart",
      "user_action": "confirmed_via_button_click",
      "timestamp": 1731320595,
      "interface_version": "consent-ui-v2.1"
    },
    "session_context": {
      "session_id": "session_xyz789",
      "client_instance": "dfp_abc123",
      "channel": "mobile-app"
    },
    "as_signature": "eyJhbGciOiJSUzI1NiIs..."
  }
}
Figure 1

3.3. Field Definitions

Table 1: evidence Claim Fields
Field Type Requirement Description
id string REQUIRED Unique identifier for this evidence record.
user_confirmation object REQUIRED Details of the user's confirmation action.
session_context object OPTIONAL Session and device context information.
as_signature string REQUIRED AS signature over the confirmation record.

3.3.1. user_confirmation Object

Table 2: user_confirmation Fields
Field Type Requirement Description
displayed_content string REQUIRED The text shown to user for confirmation.
user_action string REQUIRED How the user confirmed (e.g., button click).
timestamp NumericDate REQUIRED When the confirmation occurred.
interface_version string OPTIONAL Version of the consent UI used.

3.3.2. session_context Object

Table 3: session_context Fields
Field Type Requirement Description
session_id string OPTIONAL OAuth session identifier.
client_instance string OPTIONAL Device/client instance fingerprint.
channel string OPTIONAL Authorization channel (mobile, web, etc.).

3.4. AS Signature

The as_signature field contains a cryptographic signature from the Authorization Server over the evidence record. This signature:

  • Proves the AS witnessed the user's consent;
  • Ensures the evidence has not been tampered with;
  • Enables non-repudiation for dispute resolution.

The signature MUST be computed over the following fields of the evidence object:

  • id
  • user_confirmation (entire object)
  • session_context (if present)

The as_signature field itself MUST be excluded from the signature computation. The signature input MUST be constructed using JSON Canonicalization Scheme (JCS) as defined in RFC 8785 to ensure deterministic serialization. The signature format MUST be a detached JWS (JSON Web Signature) using the AS's signing key.

4. The audit_trail Claim

The audit_trail claim provides metadata for semantic traceability, enabling analysis of how user intent was interpreted and translated into authorized operations.

4.1. Claim Definition

Claim Name:
audit_trail
Claim Type:
Object
Usage:
Access tokens

4.2. Structure 

{
  "audit_trail": {
    "evidence_ref": "evidence-abc123",
    "semantic_expansion_level": "medium",
    "interpretation_notes": "Mapped 'cheap' to '$50 limit'",
    "proposal_ref": "urn:uuid:proposal-xyz"
  }
}
Figure 2

4.3. Field Definitions

Table 4: audit_trail Claim Fields
Field Type Requirement Description
evidence_ref string OPTIONAL Reference to the evidence record by ID.
semantic_expansion_level string OPTIONAL Degree of interpretation applied (none, low, medium, high).
interpretation_notes string OPTIONAL Human-readable notes about semantic mapping.
proposal_ref URI OPTIONAL Reference to the original authorization proposal.

4.4. Semantic Expansion Levels

The semantic_expansion_level field indicates how much the system interpreted or expanded the user's original intent:

none:
No interpretation; user specified exact parameters.
low:
Minor defaults applied (e.g., default quantity of 1).
medium:
Significant interpretation (e.g., "cheap" mapped to "$50").
high:
Substantial expansion (e.g., multi-step plan derived from goal).

5. Audit Trail Purposes

The evidence and audit trail claims serve several important purposes:

Table 5: Purposes of Authorization Evidence
Purpose Description
Intent Provenance Records what the user intended, preventing disputes about authorization scope.
Action Interpretation Documents how the system translated intent into operations, showing the reasoning process.
Semantic Transparency Reveals any expansions or defaults applied, enabling users to understand what was authorized.
User Confirmation Provides timestamped proof that the user reviewed and approved the operation.
Accountability Support Enables post-hoc analysis to determine responsibility for erroneous transactions.

6. Authorization Server Processing

6.1. Evidence Generation

When issuing an access token with evidence, the AS MUST:

  1. Record the exact content displayed to the user during consent;
  2. Capture the user's confirmation action and timestamp;
  3. Generate a unique evidence identifier;
  4. Sign the user_confirmation object with the AS's private key;
  5. Include the evidence claim in the access token.

6.2. Storage Requirements

The AS SHOULD retain evidence records for a configurable period to support:

  • Dispute resolution;
  • Regulatory compliance;
  • Audit requests;
  • Token introspection with evidence details.

7. Resource Server Processing

7.1. Evidence Verification

Resource Servers MAY verify the evidence claim by:

  1. Extracting the as_signature from the evidence;
  2. Verifying the signature using the AS's public key;
  3. Confirming the displayed_content matches the requested operation;
  4. Checking the timestamp is within acceptable bounds.

7.2. Audit Logging

Resource Servers SHOULD log evidence information for audit purposes, including:

  • Evidence ID;
  • User confirmation timestamp;
  • Displayed content summary;
  • Operation performed;
  • Outcome (success/failure).

8. Security Considerations

8.1. Signature Verification

The AS signature over user_confirmation is critical for evidence integrity. Implementations MUST:

  • Use strong cryptographic algorithms (e.g., RS256, ES256);
  • Protect AS signing keys appropriately;
  • Rotate keys periodically with proper key management.

8.2. Evidence Tampering

The evidence claim is protected by the access token's signature. However, the as_signature field provides an additional layer of protection specifically for the user confirmation record.

8.3. Replay Attacks

Evidence records are bound to specific access tokens. The evidence ID and timestamp help detect attempts to reuse evidence across different authorization contexts.

9. Privacy Considerations

9.1. Displayed Content

The displayed_content field may contain sensitive information about the user's intent. Implementations SHOULD:

  • Minimize information in displayed_content to what is necessary;
  • Avoid including personal data unless required;
  • Consider encryption for highly sensitive content.

9.2. Evidence Retention

Evidence records may be subject to data protection regulations. Implementations MUST:

  • Define retention periods appropriate to regulatory requirements;
  • Provide mechanisms for evidence deletion when required;
  • Limit access to evidence records to authorized parties.

10. IANA Considerations

10.1. JWT Claims Registration

This specification registers the following claims in the "JSON Web Token Claims" registry:

Claim Name:
evidence
Claim Description:
User confirmation evidence with AS signature for authorization proof and audit purposes.
Change Controller:
IETF
Specification Document:
Section 3 of this document
Claim Name:
audit_trail
Claim Description:
Semantic traceability metadata linking user intent to authorized operations.
Change Controller:
IETF
Specification Document:
Section 4 of this document

11. References

11.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC7519]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, , <https://www.rfc-editor.org/info/rfc7519>.
[RFC8693]
Jones, M., Nadalin, A., Campbell, B., Ed., Bradley, J., and C. Mortimore, "OAuth 2.0 Token Exchange", RFC 8693, DOI 10.17487/RFC8693, , <https://www.rfc-editor.org/info/rfc8693>.
[RFC9126]
Lodderstedt, T., Campbell, B., Sakimura, N., Tonge, D., and F. Skokan, "OAuth 2.0 Pushed Authorization Requests", RFC 9126, DOI 10.17487/RFC9126, , <https://www.rfc-editor.org/info/rfc9126>.
[RFC7515]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, , <https://www.rfc-editor.org/info/rfc7515>.
[RFC8785]
Rundgren, A., Jordan, B., and S. Erdtman, "JSON Canonicalization Scheme (JCS)", RFC 8785, DOI 10.17487/RFC8785, , <https://www.rfc-editor.org/info/rfc8785>.

11.2. Informative References

[RFC6749]
Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, DOI 10.17487/RFC6749, , <https://www.rfc-editor.org/info/rfc6749>.

Appendix A. Complete Example

The following shows a complete access token with both evidence and audit_trail claims:

{
  "iss": "https://as.example.com",
  "sub": "user_12345",
  "aud": "https://api.shop.example",
  "exp": 1731369540,
  "iat": 1731320700,
  "jti": "urn:uuid:token-abc-123",

  "act": {
    "sub": "spiffe://myassistant.example/agent"
  },

  "evidence": {
    "id": "evidence-abc123",
    "user_confirmation": {
      "displayed_content": "Add items under $50 to cart during Nov 11 sale",
      "user_action": "confirmed_via_button_click",
      "timestamp": 1731320595,
      "interface_version": "consent-ui-v2.1"
    },
    "session_context": {
      "session_id": "session_xyz789",
      "client_instance": "dfp_abc123",
      "channel": "mobile-app"
    },
    "as_signature": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
  },

  "audit_trail": {
    "evidence_ref": "evidence-abc123",
    "semantic_expansion_level": "medium",
    "interpretation_notes": "User said 'cheap items', mapped to '$50 limit'",
    "proposal_ref": "urn:uuid:proposal-xyz"
  },

  "policy_ref": {
    "id": "policy-cart-50",
    "endpoint": "https://as.example.com/policies/policy-cart-50"
  }
}
Figure 3

Acknowledgments

The authors would like to thank Brian Campbell for his valuable feedback and insightful discussions during the development of this specification. His contributions helped shape key design decisions.

Authors' Addresses

Dapeng Liu
Alibaba Group
Hongru Zhu
Alibaba Group
Suresh Krishnan
Cisco
Aaron Parecki
Okta