New request or response parameters for use with the authorization

   endpoint or the token endpoint are defined and registered in the

   OAuth Parameters registry following the procedure in Section 11.2.

​

   Parameter names MUST conform to the param-name ABNF, and parameter

   values syntax MUST be well-defined (e.g., using ABNF, or a reference

   to the syntax of an existing parameter).

​

     param-name  = 1*name-char

     name-char   = "-" / "." / "_" / DIGIT / ALPHA

​

​

​

​

Hardt                        Standards Track                   [Page 50]

RFC 6749                        OAuth 2.0                   October 2012

​

​

   Unregistered vendor-specific parameter extensions that are not

   commonly applicable and that are specific to the implementation

   details of the authorization server where they are used SHOULD

   utilize a vendor-specific prefix that is not likely to conflict with

   other registered values (e.g., begin with 'companyname_').