Registration - 2 - possible clarifying text

The Client Registration Endpoint is an OAuth 2.0 Protected Resource that returns the required client credentials for the Client to configure itself for the OpenID Provider. The OpenID Provider may require an access_token provided out-of-band (and out of scope of this document) in order to restrict registration requests to only authorized clients. In order to support open registration the Client Registration Endpoint should accept requests with no OAuth 2.0 access tokens. If an Access Token is required for Client registration, the Client Registration Endpoint MUST accept Access Tokens as specified by the Bearer Tokens [OAuth.Bearer] specification.

Comments (2)