[Federation] The explicit client registration response should allow OAuth clients
Issue #2132
resolved
The current explicit client registration is specified exclusively for OpenID relying parties (RPs). Plain OAuth client should also be able to use it.
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-12.2.2.1-4.18
metadata
REQUIRED. It MUST contain the registered RP metadata under the
openid_relying_party
Entity Type Identifier. See Section 3 for the full specification.
→ Add oauth_client
.
Comments (6)
-
-
-
assigned issue to
-
assigned issue to
-
reporter I wonder whether a well-crafted note saying that the registration methods also work for
oauth_client
the Entity Type would suffice? -
That's a good idea. Less is more.
-
- changed status to open
To be fixed by https://bitbucket.org/openid/connect/pull-requests/720
-
- changed status to resolved
- Log in to comment
I’m good with generalizing this functionality to be usable by OAuth. When we do this, we should generalize both Explicit and Automatic client registration.
There will be more places that this change will touch than just the line quoted above. We’ll need to do a comprehensive review of all the registration language for both registration types.