successful client registration response
SIOP v2 contains the following statement:
“If no error is returned, the RP must proceed as if it had obtained the following Client Registration Response:
client_id: redirect_uri value of the Client.
client_secret_expires_at: 0”
What is the meaning of this statement?
I’m asking since if the response is returned successfully from the SIOP, the process has already successfully completed. No client_id is issued, no further communication will be going on between RP and SIOP.
I suggest removing this statement.
Comments (6)
I will try to evaluate whether the need for this text has been superseded.
-
assigned issue to
to review whether this has been superseded or not.
-
That language is in the Core spec because, unlike when Dynamic Client Registration is used, the SIOP during-the-request registration returns no registration response, saying which registration parameters were actually used by the OP. Note that I’m not advocating adding a registration response, because I agree with Torsten that, in some sense, it’s already too late for a registration response to be actionable.
I believe that it’s fine to remove the cited text from the V2 spec - possibly replacing it with a note saying that no registration response is returned, and that a successful authentication response implicitly indicates that the registration parameters were accepted.
-
I created a small PR #49 for this issue
-
- changed status to resolved
resolved by merging PR #49
Yes, we kept it based on the original SIOP text in OIDC.Core, and I asked Mike a similar question - he said we need to confirm with the WG why this was initially included. Let’s ask and if no one remembers, or the reason is irrelevant, we should remove.