-
assigned issue to
- changed status to on hold
Registration 2.2 - Why must client_secret change with each response?
Issue #363
resolved
The spec currently says that the client secret should change with each registration response. About this, Yaron Goland wrote:
Um… why? In fact given error recovery scenarios changing this on each request sounds like a bug, not a feature.
Comments (5)
-
-
- changed title to Registration 2.2 - Why must client_secret change with each response?
-
reporter -
assigned issue to
This may have to do with the "update" option, versus the "associate" option. Mike to ask Yaron for feedback.
-
assigned issue to
-
reporter -
assigned issue to
- changed status to open
We should add an explicit parameter that requests a new client_secret and update the spec from saying that "This should change with each response" to reflect the addition of this parameter. We should also state that the client_secret must be different for different client_ids.
-
assigned issue to
-
- changed status to resolved
Fixes
#363Make rotate secret a separate type and stop client secret changing with every response. - Log in to comment
Add comment on why secret changes (for rotating secrets). Ask Yaron directly on what the question means.