feat: promote rpMetadataChoices to stable

Author: panva

README.md

@@ -42,6 +42,7 @@ _Note that not all features are enabled by default, check the configuration sect
 - [FAPI 2.0 Message Signing (`FAPI 2.0`)][fapi2ms]
 - [JWT Secured Authorization Response Mode for OAuth 2.0 (`JARM`)][jarm]
 - [OIDC Client Initiated Backchannel Authentication Flow (`CIBA`)][ciba]
+- [OIDC Relying Party Metadata Choices 1.0][rp-metadata-choices]
 
 Supported Access Token formats:
 
@@ -51,7 +52,6 @@ Supported Access Token formats:
 The following specifications and drafts are implemented as experimental features:
 
 - [Financial-grade API: Client Initiated Backchannel Authentication Profile (`FAPI-CIBA`) - Implementers Draft 01][fapi-ciba]
-- [OIDC Relying Party Metadata Choices 1.0 - Implementers Draft 01][rp-metadata-choices]
 - [OAuth 2.0 Attestation-Based Client Authentication - Draft 06][attestation-client-auth]
 - [OAuth Client ID Metadata Document (`CIMD`) - Draft 01][cimd]
 
@@ -168,7 +168,7 @@ actions and i.e. emit metrics that react to specific triggers. See the list of a
 [fapi2sp]: https://openid.net/specs/fapi-security-profile-2_0-final.html
 [fapi2ms]: https://openid.net/specs/fapi-message-signing-2_0-final.html
 [Security Policy]: https://github.com/panva/node-oidc-provider/security/policy
-[rp-metadata-choices]: https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-ID1.html
+[rp-metadata-choices]: https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-final.html
 [rfc8414]: https://www.rfc-editor.org/rfc/rfc8414.html
 [attestation-client-auth]: https://www.ietf.org/archive/id/draft-ietf-oauth-attestation-based-client-auth-06.html
 [cimd]: https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-01.html

docs/README.md

@@ -474,13 +474,13 @@ location / {
   - [requestObjects](#featuresrequestobjects) - OIDC Core 1.0 and RFC9101 - Passing a Request Object by Value (JAR)
   - [revocation](#featuresrevocation) - RFC7009 - OAuth 2.0 Token Revocation
   - [rpInitiatedLogout](#featuresrpinitiatedlogout) - OIDC RP-Initiated Logout 1.0
+  - [rpMetadataChoices](#featuresrpmetadatachoices) - OIDC Relying Party Metadata Choices 1.0
   - [userinfo](#featuresuserinfo) - OIDC Core 1.0 - UserInfo Endpoint
   - Experimental features:
     - [attestClientAuth](#featuresattestclientauth) - draft-ietf-oauth-attestation-based-client-auth-06 - OAuth 2.0 Attestation-Based Client Authentication
     - [clientIdMetadataDocument](#featuresclientidmetadatadocument) - `draft-ietf-oauth-client-id-metadata-document-01` - OAuth Client ID Metadata Document (CIMD)
     - [externalSigningSupport](#featuresexternalsigningsupport) - External Signing Support
     - [richAuthorizationRequests](#featuresrichauthorizationrequests) - RFC9396 - OAuth 2.0 Rich Authorization Requests
-    - [rpMetadataChoices](#featuresrpmetadatachoices) - OIDC Relying Party Metadata Choices 1.0 - Implementers Draft 01
     - [webMessageResponseMode](#featureswebmessageresponsemode) - draft-sakimura-oauth-wmrm-01 - OAuth 2.0 Web Message Response Mode
 - [findAccount ❗](#findaccount) - Account Loading and Claims Resolution
 - [interactions ❗](#interactions) - End-User Interaction Policy
@@ -2058,6 +2058,42 @@ async function postLogoutSuccessSource(ctx) {
 
 ---
 
+### features.rpMetadataChoices
+
+[OIDC Relying Party Metadata Choices 1.0](https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-final.html)  
+
+Specifies whether Relying Party Metadata Choices capabilities shall be enabled. When enabled, the authorization server shall support the following multi-valued input parameters metadata from the Relying Party Metadata Choices draft, provided that their underlying feature is also enabled: 
+
+- subject_types_supported
+- id_token_signing_alg_values_supported
+- id_token_encryption_alg_values_supported
+- id_token_encryption_enc_values_supported
+- userinfo_signing_alg_values_supported
+- userinfo_encryption_alg_values_supported
+- userinfo_encryption_enc_values_supported
+- request_object_signing_alg_values_supported
+- request_object_encryption_alg_values_supported
+- request_object_encryption_enc_values_supported
+- token_endpoint_auth_methods_supported
+- token_endpoint_auth_signing_alg_values_supported
+- introspection_signing_alg_values_supported
+- introspection_encryption_alg_values_supported
+- introspection_encryption_enc_values_supported
+- authorization_signing_alg_values_supported
+- authorization_encryption_alg_values_supported
+- authorization_encryption_enc_values_supported
+- backchannel_authentication_request_signing_alg_values_supported  
+
+
+_**default value**_:
+```js
+{
+  enabled: false
+}
+```
+
+---
+
 ### features.userinfo
 
 [OIDC Core 1.0](https://openid.net/specs/openid-connect-core-1_0-errata2.html#UserInfo) - UserInfo Endpoint  
@@ -2452,46 +2488,6 @@ const configuration = {
 
 ---
 
-### features.rpMetadataChoices
-
-[OIDC Relying Party Metadata Choices 1.0 - Implementers Draft 01](https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-ID1.html)  
-
-> [!NOTE]
-> This is an experimental feature.
-
-Specifies whether Relying Party Metadata Choices capabilities shall be enabled. When enabled, the authorization server shall support the following multi-valued input parameters metadata from the Relying Party Metadata Choices draft, provided that their underlying feature is also enabled: 
-
-- subject_types_supported
-- id_token_signing_alg_values_supported
-- id_token_encryption_alg_values_supported
-- id_token_encryption_enc_values_supported
-- userinfo_signing_alg_values_supported
-- userinfo_encryption_alg_values_supported
-- userinfo_encryption_enc_values_supported
-- request_object_signing_alg_values_supported
-- request_object_encryption_alg_values_supported
-- request_object_encryption_enc_values_supported
-- token_endpoint_auth_methods_supported
-- token_endpoint_auth_signing_alg_values_supported
-- introspection_signing_alg_values_supported
-- introspection_encryption_alg_values_supported
-- introspection_encryption_enc_values_supported
-- authorization_signing_alg_values_supported
-- authorization_encryption_alg_values_supported
-- authorization_encryption_enc_values_supported
-- backchannel_authentication_request_signing_alg_values_supported  
-
-
-_**default value**_:
-```js
-{
-  ack: undefined,
-  enabled: false
-}
-```
-
----
-
 ### features.webMessageResponseMode
 
 [draft-sakimura-oauth-wmrm-01](https://tools.ietf.org/html/draft-sakimura-oauth-wmrm-01) - OAuth 2.0 Web Message Response Mode  

lib/helpers/defaults.js

@@ -2319,7 +2319,7 @@ function makeDefaults() {
       /*
        * features.rpMetadataChoices
        *
-       * title: [OIDC Relying Party Metadata Choices 1.0 - Implementers Draft 01](https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-ID1.html)
+       * title: [OIDC Relying Party Metadata Choices 1.0](https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-final.html)
        *
        * description: Specifies whether Relying Party Metadata Choices capabilities shall be enabled.
        *   When enabled, the authorization server shall support the following multi-valued input
@@ -2346,7 +2346,7 @@ function makeDefaults() {
        * - authorization_encryption_enc_values_supported
        * - backchannel_authentication_request_signing_alg_values_supported
        */
-      rpMetadataChoices: { enabled: false, ack: undefined },
+      rpMetadataChoices: { enabled: false },
 
       /*
        * features.revocation

lib/helpers/features.js

@@ -20,6 +20,7 @@ export const STABLE = new Set([
   'resourceIndicators',
   'revocation',
   'rpInitiatedLogout',
+  'rpMetadataChoices',
   'userinfo',
 ]);
 
@@ -36,10 +37,6 @@ export const EXPERIMENTS = new Map(Object.entries({
     name: 'External Signing Key Support',
     version: ['experimental-01'],
   },
-  rpMetadataChoices: {
-    name: 'OpenID Connect Relying Party Metadata Choices',
-    version: ['draft-02'],
-  },
   attestClientAuth: {
     name: 'OAuth 2.0 Attestation-Based Client Authentication',
     version: 'draft-06',