successful client registration response

Issue #1267 resolved
Torsten Lodderstedt created an issue

SIOP v2 contains the following statement:

“If no error is returned, the RP must proceed as if it had obtained the following Client Registration Response:


redirect_uri value of the Client.



What is the meaning of this statement?

I’m asking since if the response is returned successfully from the SIOP, the process has already successfully completed. No client_id is issued, no further communication will be going on between RP and SIOP.

I suggest to remove this statement.

Comments (6)

  1. Kristina Yasuda

    Yes, we kept it based on the original SIOP text in OIDC.Core, and I asked Mike a similar question - he said we need to confirm with the WG why this was initially included. Let’s ask and if no one remembers, or the reason is irrelevant, we should remove.

  2. Michael Jones

    That language is in the Core spec because, unlike when Dynamic Client Registration is used, the SIOP during-the-request registration returns no registration response, saying which registration parameters were actually used by the OP. Note that I’m not advocating adding a registration response, because I agree with Torsten that, in some sense, it’s already too late for a registration response to be actionable.

    I believe that it’s fine to remove the cited text from the V2 spec - possibly replacing it with a note saying that no registration response is returned, and that a successful authentication response implicitly indicates that the registration parameters were accepted.

  3. Log in to comment