Hi Emilia,
The `software_statement` itself is not client metadata; rather, it is a JWT
that contains client metadata. For example, if you decode the payload of
the `software_statement` value (a JWT) shown as an example in RFC 7591, it
looks like this:
{
"software_id": "4NRB1-0XZABZI9E6-5SM3R",
"client_name": "Example Statement-based Client",
"client_uri": "https://client.example.net/";
}
As you can see, three pieces of client metadata appear: `software_id`,
`client_name`, and `client_uri`.
There aren't many technical documents that explain `software_statement` in
detail, but I mentioned it in a blog article I wrote about Brazil's Open
Banking. Please take a look if you're interested:
Implementer's note about Open Banking Brasil:
https://darutk.medium.com/implementers-note-about-open-banking-brasil-78d3d612dfaf
Best Regards,
Taka at Authlete
On Wed, Dec 3, 2025 at 12:55 AM Emelia S. <emelia=
[email protected]> wrote:
> (Apologies for the resend if the original email gets through, I
> accidentally sent from the wrong email address, which isn't the one I do
> IETF work with)
>
> Hi all,
>
> I just noticed that the software_statement property of Client Metadata is
> not registered with IANA:
> https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata
>
> There's software_id and software_version, but software_statement hasn't
> been registered, despite being in the document that created the registry?
>
> It is here: https://www.rfc-editor.org/rfc/rfc7591.html#section-3.1.1
>
> But it doesn't appear in
> https://www.rfc-editor.org/rfc/rfc7591.html#section-4.1.2
>
> This seems like an error? I'm not sure what the procedure is to correct
> this?
>
> Yours,
> Emelia Smith
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
--
*Takahiko Kawasaki*
Co-Founder
[email protected]
[image: Authlete]
authlete.com <https://www.authlete.com/> |Linkedin
<https://www.linkedin.com/company/authlete/>
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
