openid / connect / issues / #756 - Registration 3.2 - Should Update be able to return an updated client_secret? — Bitbucket

Issue #756 resolved

Michael Jones created an issue 2013-02-07

Registration currently says "The Authorization Server MUST NOT include the Client Secret or Request Access Token in this response."

John, Vladimir and I believe that an udpated client_secret should be able to be returend. Justin disagreed

If we keep Update (see ~~#755~~) I think we should allow an updated client_secret.

Comments (4)

Brian Campbell
Seems like an udpated client_secret should be able to be returned now that the rotate secret operation is gone.
- 2013-02-07T14:52:27+00:00
Former user Account Deleted
My argument was for keeping some kind of rotate_secret functionality. If there's some other way for the client to do that, then the client_secret, registration_access_token, and associated parameters probably MUST be returned along with everything else.
- 2013-02-07T17:31:55+00:00
Michael Jones reporter
- changed status to on hold
Placed on hold since this issue is about the Registration Client Update operation and we have removed that operation, per issue ~~#755~~.
- 2013-02-08T06:28:00+00:00
Michael Jones reporter
- changed status to resolved
Fixed ~~#755~~ - Removed client update operation. Fixed ~~#751~~ - Added client read operation. Fixed ~~#749~~ - Added "registration_access_url". Fixed ~~#756~~ - State that an updated "client_secret" value can be returned by a read operation.

→ <<cset 62fea9ed07e0>>
- 2013-02-15T06:41:04+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Registration

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!