Internet-Draft OAuth Mission Deferred Approval July 2026
McGuinness Expires 3 January 2027 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-mcguinness-oauth-mission-approval-latest
Published:
Intended Status:
Standards Track
Expires:
Author:
K. McGuinness
Independent

Mission Deferred Approval for OAuth 2.0

Abstract

The Mission-Bound Authorization for OAuth 2.0 profile records an approval event at which an Approver consents to a Mission's derived Authority Set, but it treats that event as immediate. A human review of an agent's proposed Mission is often asynchronous and frequently results in approval of a narrowed subset rather than an all-or-nothing decision. This document defines an OPTIONAL Mission Deferred Approval profile. It profiles OAuth Deferred Token Response so a Mission approval can be deferred and polled, and adds a revisable approval mode in which the Authorization Server, when it can grant only a narrowed version of the proposed Mission, invites the client to push a narrowing revision and continue the same deferred approval rather than abandon it and start over. Revisions can only narrow the proposed Mission.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://mcguinness.github.io/draft-mcguinness-oauth-mission/draft-mcguinness-oauth-mission-approval.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-mcguinness-oauth-mission-approval/.

Source for this draft and an issue tracker can be found at https://github.com/mcguinness/draft-mcguinness-oauth-mission.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 3 January 2027.

Table of Contents

1. Introduction

The issuance profile [I-D.draft-mcguinness-oauth-mission] (the "issuance profile") derives an Authority Set from a submitted Mission Intent and records an approval event at which an Approver consents to that authority. It specifies what the approval commits, not how the approval is obtained over time. Two facts about agent approval are left unspecified:

This document supplies both. It profiles OAuth Deferred Token Response [I-D.draft-gerber-oauth-deferred-token-response] (the "deferred substrate") so a Mission approval can be deferred and polled, and it defines a revisable approval mode: when the Authorization Server can grant only a narrowed version of the proposed Mission, it signals which dimensions it refused and invites the client to push a narrowing revision, then continues the same deferred approval. The client keeps its place; the approval resolves over the narrowed proposal.

This is narrowing only. A revision can reduce the proposed Mission; it can never broaden it. Widening an approved Mission is a different operation with its own fresh approval ([I-D.draft-mcguinness-oauth-mission-expansion]).

2. Status: An OPTIONAL Extension

This document is OPTIONAL. A deployment that obtains Mission approvals synchronously, or that abandons and resubmits when a reviewer narrows a proposal, is fully conformant to the issuance profile and is unaffected by this document. It places no new requirement on the issuance profile.

A deployment claims this profile only when it defers Mission approvals under the deferred substrate or accepts revisable approvals. The approval event, the Authority Set, the subset rule, and the integrity anchors are unchanged; this document governs only how the approval is reached over time.

This profile tracks an in-progress substrate. It depends normatively on OAuth Deferred Token Response ([I-D.draft-gerber-oauth-deferred-token-response]), an early Internet-Draft that is not ratified and whose details may change, so this profile is not yet a stable interface and will track the substrate as it evolves. Synchronous Mission approval, which needs only the issuance profile, is the stable path; deploy deferred and revisable approval for evaluation rather than as a stable interface.

3. Relationship to the Issuance Profile

This document depends normatively on the issuance profile and on the deferred substrate, and is not implementable alone. It reuses, without restating, the issuance profile's Mission Intent, submission via PAR [RFC9126], authority derivation, approval event, subset rule, and integrity anchors, and the deferred substrate's deferral response, continuation polling, cancellation, and sender-constraint rules. It uses the terms Agent (Client), Approver, Mission Issuer, Mission Intent, and Authority Set as the issuance profile defines them, and completion_mode, deferral_code, and the deferred grant type as the deferred substrate defines them.

4. Conventions and Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Proposed Mission:

The Mission Intent and the Authority Set the Mission Issuer derived from it, pending an approval decision.

Revision:

A narrowing of the proposed Mission, submitted by the client while the approval is deferred, that replaces the proposed Mission's Authority Set with a subset of it.

5. Deferred Mission Approval

A Mission approval MAY be deferred. The client submits the Mission Intent through PAR as the issuance profile requires, and includes deferred among the completion_mode values on the resulting token request, opting in to the deferred substrate ([I-D.draft-gerber-oauth-deferred-token-response]). When the Mission Issuer cannot decide the approval immediately, for example because it routes the proposed Mission to a human reviewer, it returns the substrate's deferred response (authorization_pending with a deferral_code) instead of a token, and the client polls with the deferred grant type until the approval resolves to a Mission-bound token response, access_denied, or expired_token.

5.1. Sequencing the Approval Event

The issuance profile treats the approval event as immediate: the Approver consents and the Mission record is created atomically with issuance of the authorization code ([I-D.draft-mcguinness-oauth-mission]). This profile is an explicit override of that sequencing for a deferred approval, and it moves the approval event without weakening it:

  1. The client submits the proposed Mission via PAR [RFC9126] and the authorization request completes into a deferred state per the deferred substrate ([I-D.draft-gerber-oauth-deferred-token-response]).

  2. Before approval only the pending request exists. The authorization artifact represents a pending authorization, never authority, and no Mission exists. A deferral_code, a revision_handle, and any PAR request_uri are pending-request state, not a grant.

  3. The approval event executes on the asynchronous review surface. That surface MUST authenticate the Approver and MUST satisfy the Mission Intent's context.acr, exactly as the synchronous approval event requires ([I-D.draft-mcguinness-oauth-mission]).

  4. The Mission record is created in the active state atomically with the approval decision, preserving the issuance profile's atomicity at the moved point.

  5. Issuance then completes per the deferred substrate: the next poll resolves to a Mission-bound token response.

Deferral changes only the timing of the approval event. The Authority Set the token is issued against, its authority_hash, and the recorded consent are exactly as in a synchronous approval.

5.2. Deferred Approval State Machine

A deferred approval is in one of four states: pending, approved, denied, or revision_required. The Mission Issuer:

  • starts a deferred approval in pending;

  • MAY move pending to approved, denied, or revision_required;

  • returns revision_required to pending on an accepted revision (Section 6.2); and

  • accepts a revision only while in revision_required.

approved and denied are terminal. Resolving a deferred approval and replacing its proposed Mission with a revision are atomic with respect to each other: a concurrent approval of a proposal that a revision has superseded cannot commit, and a revision accepted after the approval resolved cannot reopen it.

       submit (PAR + deferred)
                |
                v
           +---------+   accept revision   +------------------+
           | pending |<--------------------| revision_required|
           +---------+                     +------------------+
             |  |  |                              ^
   approve   |  |  | needs narrowing              |
             |  |  +------------------------------+
             |  |
             |  +----------------> denied  (terminal)
             v
          approved  (terminal; Mission created active)

6. Revisable Approval

A client signals that it accepts a narrowing revision by including revisable among its completion_mode values alongside deferred:

completion_mode=deferred revisable

revisable is a completion-mode value registered in the deferred substrate's OAuth Completion Mode Values registry (Section 12). It authorizes only the revision handshake defined here. A Mission Issuer MUST NOT invite a revision unless the client offered revisable. revisable has effect only together with deferred; a Mission Issuer that receives revisable without deferred MUST ignore it, because there is no deferred approval to revise.

6.1. The Revision Required signal

When the Mission Issuer determines that it cannot approve the proposed Mission as stated, but could approve a sufficiently narrowed version, and the client offered revisable, it returns the deferred substrate's authorization_pending response extended with revision parameters rather than resolving to access_denied. Using the substrate's existing pending response, as the substrate permits a profile to do, keeps a client that does not implement this profile polling normally; only a revisable-aware client acts on the added parameters.

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store

{
  "error": "authorization_pending",
  "deferral_code": "dc_9P2K7zT1mX8b3N",
  "revision_required": true,
  "revision_handle": "rvh_4QFJ3P9",
  "rejected_scope": "crm:write",
  "rejected_authorization_details": [
    { "type": "payment", "limit": "10000" }
  ],
  "expires_in": 420,
  "interval": 5
}

revision_required (boolean) and revision_handle (string) are REQUIRED on this response. rejected_scope and rejected_authorization_details are OPTIONAL; they name the dimensions of the proposed Mission that were refused so the agent can plan a narrowed revision without further out-of-band interaction. A Mission Issuer MAY omit them when disclosure would reveal sensitive policy state.

rejected_scope is a space-delimited list of scope tokens, using the scope syntax of [RFC6749]. rejected_authorization_details is an array of authorization-details-shaped subtrees that the re-derived Authority Set MUST exclude or narrow: each subtree names a type and the members within it that must not survive re-derivation unchanged. The Mission Issuer verifies per-dimension narrowing after it re-derives the Authority Set from the revised Intent (Section 6.2); the client cannot author the Authority Set, so its obligation is scoped to the Intent members it does author (the resources, the mission_expiry, and the free-text constraints), which it revises to drive that narrowing.

The revision_handle is bound to the deferred approval and authorizes one revision submission. It is not a token, grant, or continuation handle, and it is sender-constrained to the same key as the deferral_code ([I-D.draft-gerber-oauth-deferred-token-response]). A client MUST NOT treat revision_required, the rejected dimensions, or the handle as evidence of any granted authority; the proposed Mission remains unapproved.

6.2. Submitting a revision

The client submits the narrowed Mission Intent to the PAR endpoint [RFC9126] with the revision_handle as an additional parameter, sender-constrained as the deferred substrate requires. The Mission Issuer:

  1. verifies the revision_handle is bound to a deferred approval in the revision-required condition, is unexpired and single-use, and matches the client and sender-constraint of the deferred approval;

  2. re-derives the Authority Set for the revised Intent, under the same policy_version that governed the proposed Mission, and verifies it is a subset of the proposed Mission's Authority Set under the issuance profile's subset rule ([I-D.draft-mcguinness-oauth-mission]), with authorization_details narrowing per the inclusion semantics of [RFC9396]. The re-derived Authority Set MUST exclude or narrow every dimension named in rejected_scope or rejected_authorization_details (Section 6.1), verified per dimension, and MUST NOT broaden any dimension. Deriving under the proposed Mission's policy_version keeps the subset comparison reproducible; if policy has changed since the proposal, the Mission Issuer re-derives the proposed Authority Set under the current policy to re-establish the baseline before comparing, or refuses the revision;

  3. invalidates the revision_handle;

  4. replaces the proposed Mission's Authority Set with the revised one and re-reviews it.

The client continues polling the existing deferral_code; the revision does not start a new approval. If the Mission Issuer returns a PAR request_uri, it is an artifact of PAR and MUST NOT be used to start a separate authorization transaction.

6.2.1. Revision Errors

The PAR endpoint reports a failed revision with a specific error:

  • An expired or already-consumed revision_handle yields invalid_grant.

  • A malformed revision (unparseable, or structurally invalid against the Mission Intent member definitions) yields invalid_request.

  • A revision whose re-derived Authority Set does not narrow every dimension named in rejected_scope or rejected_authorization_details yields revision_not_narrowing (Section 12).

  • When the deferral resolved (to access_denied, expired_token, or an approval) while the revision was in flight, the endpoint yields invalid_grant and the resolution is conveyed on the next poll of the deferral_code.

A malformed revision leaves the revision_handle reissuable: because the submission never advanced the approval, the client obtains a new handle from a subsequent authorization_pending response and retries. A consumed handle, and a handle whose deferral has resolved, are not reissuable.

A Mission Issuer MUST bound the number of revision cycles per deferred approval and MUST resolve to access_denied once the bound is reached or no acceptable narrowing remains, so a client cannot drive an unbounded revision loop.

6.3. Pending Lifetime and Staleness

A deferred approval MUST carry a deployment-set maximum pending lifetime, after which it resolves to expired_token per the deferred substrate. A decision made after a change to the derivation policy_version, or to the applicable capability catalog, MUST be made over a proposal that has been re-derived and re-rendered under the current policy and catalog; the Mission Issuer MUST NOT commit an approval over a proposal derived under superseded policy.

7. Integration with the Mission Suite

Consent evidence:

A revised proposed Mission is a different disclosure. Where a deployment records Consent Evidence ([I-D.draft-mcguinness-oauth-mission-consent-evidence]), the re-reviewed revision MUST get a fresh consent_rendering_hash; prior consent does not transfer to the narrowed proposal. Each revision-required outcome produces Consent Evidence with decision narrowed, carrying the reviewed disclosure's consent_rendering_hash and the refused dimensions. The final evidence for the resulting approval MAY carry predecessor_intent_hashes committing the revision chain.

Shaping:

The rejected_scope and rejected_authorization_details parameters are the machine-readable input a client-side shaper ([I-D.draft-mcguinness-oauth-mission-shaping]) uses to plan the narrowed revision. Shaping narrows a proposal before submission; this profile narrows it during review. Together they let an orchestrator propose, learn what was refused, and re-propose without losing state.

Integrity anchors:

The approval commits the final, narrowed Authority Set. The intent_hash and authority_hash are computed over the revised Mission Intent and Authority Set actually approved, not the originating proposal.

This profile narrows only, and only while an approval is deferred. It is distinct from widening an approved Mission, which requires a fresh approval ([I-D.draft-mcguinness-oauth-mission-expansion]), and from drawing authority from a pre-consented ceiling without a per-step human (progressive authorization, [I-D.draft-mcguinness-oauth-mission-expansion]).

8. Worked Example

Agent s6BhdRkqt3, acting for alice, proposes a Mission to reconcile Q3 invoices that asks for both read and write on the ERP. It submits the Mission Intent through PAR and opts in to both deferral and revision on the token request:

POST /token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&
client_id=s6BhdRkqt3&
completion_mode=deferred%20revisable

The Mission Issuer routes the proposed Mission to alice for review and defers:

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store

{ "error": "authorization_pending",
  "deferral_code": "dfc_7M2R4kP9sT1x",
  "expires_in": 600, "interval": 5 }

The agent polls with the deferred grant type. On review alice approves read but not write. Rather than deny, the Mission Issuer narrows and invites a revision, extending the pending response:

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store

{ "error": "authorization_pending",
  "deferral_code": "dfc_7M2R4kP9sT1x",
  "revision_required": true,
  "revision_handle": "rvh_4QFJ3P9wZ2",
  "rejected_authorization_details": [
    { "type": "mission_resource_access",
      "resource": "https://erp.example.com",
      "actions": ["journal-entries.write"] } ],
  "expires_in": 540, "interval": 5 }

The agent pushes a narrowed Mission Intent, dropping the write, to PAR with the revision handle:

POST /par HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

mission_intent=%7B...read-only%20Q3%20invoices...%7D&
client_id=s6BhdRkqt3&
revision_handle=rvh_4QFJ3P9wZ2

The Mission Issuer verifies the handle, confirms the revised Authority Set is a subset of the proposed one, updates the deferred approval, and returns it to pending. alice reviews the narrowed read-only proposal and approves it. Every revision resolution requires a fresh approval event with its own rendering; prior consent does not transfer, and the recorded approver is the principal who approved the final set. The agent keeps polling the same deferral_code, which now resolves to a Mission-bound token over the final, narrowed authority:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{ "access_token": "eyJ...",
  "token_type": "DPoP",
  "expires_in": 300,
  "authorization_details": [
    { "type": "mission_resource_access",
      "resource": "https://erp.example.com",
      "actions": ["invoices.read"],
      "constraints": { "period": "2026-Q3" } } ],
  "mission_id": "msn_8RfX2Lqv9TqMv4z7sA2bN1k0YpEdHc9-" }

The token carries the mission claim and its authority_hash as the issuance profile defines; the response also surfaces the optional mission_id parameter ([I-D.draft-mcguinness-oauth-mission]) for correlation. The agent never abandoned its request; the approval resolved over the narrowed proposal, and the committed authority_hash is over the read-only Authority Set actually approved.

A deployment that wants a revision resolved by policy rather than by a fresh human approval uses the expansion profile's progressive authorization, drawing authority from a pre-consented ceiling ([I-D.draft-mcguinness-oauth-mission-expansion]).

9. Conformance

A Mission Issuer conforming to this profile MUST:

A client conforming to this profile MUST treat a revision-required response as unapproved, submit only narrowing revisions, and continue polling the existing deferral_code.

10. Security Considerations

The deferred substrate's security considerations apply in full, including deferral-code entropy, sender-constraint continuity, cancellation, and oracle resistance. This section adds only what the revision handshake introduces.

The asynchronous review surface is part of the consent path. It MUST meet the approval event's authentication requirements, authenticating the Approver and satisfying the Mission Intent's context.acr (Section 5.1); deferring an approval does not lower the bar the synchronous event sets. Approver routing and notification, how a proposed Mission reaches a reviewer and how the reviewer is alerted, are deployment matters and are named as such here rather than specified.

11. Privacy Considerations

The rejected-dimension parameters and the revision history reveal what authority an agent sought and was refused. A Mission Issuer SHOULD treat them as sensitive, minimize what it discloses, and retain revision history under the same controls as other approval-event records.

12. IANA Considerations

This document registers one value in the OAuth Completion Mode Values registry established by the deferred substrate ([I-D.draft-gerber-oauth-deferred-token-response]):

This document registers the following in the "OAuth Parameters" registry. For each: Change Controller IETF; Reference this document, Section 6.1.

PAR [RFC9126] carries authorization-request parameters without a distinct usage location, so the pushed submission of the narrowed Intent and revision_handle needs no separate registration, as the issuance profile states ([I-D.draft-mcguinness-oauth-mission]).

This document registers the following in the "OAuth Extensions Error" registry:

13. References

13.1. Normative References

[I-D.draft-gerber-oauth-deferred-token-response]
Jacobsen, F. K., de Oliveira Niero, G., and M. Gerber, "Deferred Token Response", Work in Progress, Internet-Draft, draft-gerber-oauth-deferred-token-response-00, , <https://datatracker.ietf.org/doc/html/draft-gerber-oauth-deferred-token-response-00>.
[I-D.draft-mcguinness-oauth-mission]
McGuinness, K., "Mission-Bound Authorization for OAuth 2.0", Work in Progress, Internet-Draft, draft-mcguinness-oauth-mission, , <https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-mission>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC6749]
Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, DOI 10.17487/RFC6749, , <https://www.rfc-editor.org/rfc/rfc6749>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9126]
Lodderstedt, T., Campbell, B., Sakimura, N., Tonge, D., and F. Skokan, "OAuth 2.0 Pushed Authorization Requests", RFC 9126, DOI 10.17487/RFC9126, , <https://www.rfc-editor.org/rfc/rfc9126>.
[RFC9396]
Lodderstedt, T., Richer, J., and B. Campbell, "OAuth 2.0 Rich Authorization Requests", RFC 9396, DOI 10.17487/RFC9396, , <https://www.rfc-editor.org/rfc/rfc9396>.

13.2. Informative References

McGuinness, K., "Mission Consent Evidence for OAuth 2.0", Work in Progress, Internet-Draft, draft-mcguinness-oauth-mission-consent-evidence, , <https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-mission-consent-evidence>.
[I-D.draft-mcguinness-oauth-mission-expansion]
McGuinness, K., "Mission Expansion for OAuth 2.0", Work in Progress, Internet-Draft, draft-mcguinness-oauth-mission-expansion, , <https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-mission-expansion>.
[I-D.draft-mcguinness-oauth-mission-shaping]
McGuinness, K., "Mission Intent Shaping for OAuth 2.0", Work in Progress, Internet-Draft, draft-mcguinness-oauth-mission-shaping, , <https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-mission-shaping>.

Acknowledgments

This document is part of the Mission-Bound Authorization for OAuth 2.0 work and profiles OAuth Deferred Token Response for asynchronous, revisable Mission approval.

Author's Address

Karl McGuinness
Independent