I'm working off this document for our client registration: http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-14

Section 4 - Client Configuration Endpoint says this:

    The client MUST use its registration access token in all calls to this endpoint as an OAuth 2.0 Bearer Token [RFC6750].

I'm trying to understand if I should provide a separate administrative endpoint for client configurations (i.e. accessible via an entity with admin credentials/privileges). I think this language is telling me "yes".

What are the client options for read/update/delete should this access token be lost? I read "none".

Section 4.1 - Section 4.1 says this:

    The authorization server MUST provide the client with the fully qualified URL in the "registration_client_uri" element of the Client Information Response (Section 5.1).

I'm curious as to why this isn't returned in the Location header?

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainh...@us.ibm.com

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
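
Added example, not part of the original message or of the draft: a minimal in-memory sketch of the exchange the quoted Section 4 and 4.1 text describes, with the server returning "registration_client_uri" in the response body and accepting configuration calls only with the matching registration access token as a Bearer token. `BASE`, the function names and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BASE = "https://as.example/register"   # hypothetical registration endpoint
_clients = {}                          # client_id -> record (in-memory stand-in)

def _digest(token):
    # Store only a hash so a leaked client table does not leak bearer tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def register(metadata):
    """Build a Client Information Response for new client metadata."""
    client_id = secrets.token_urlsafe(8)
    token = secrets.token_urlsafe(32)
    _clients[client_id] = {"token_hash": _digest(token), "metadata": dict(metadata)}
    return {
        **metadata,
        "client_id": client_id,
        "registration_access_token": token,
        # Returned in the response body, per the quoted Section 4.1 text.
        "registration_client_uri": f"{BASE}/{client_id}",
    }

def _authorized(client_id, authorization):
    record = _clients.get(client_id)
    scheme, _, presented = (authorization or "").partition(" ")
    if record is None or scheme.lower() != "bearer" or not presented:
        return None
    # Constant-time comparison of the presented token against the stored hash.
    ok = hmac.compare_digest(_digest(presented), record["token_hash"])
    return record if ok else None

def configuration_request(method, uri, authorization=None, body=None):
    """Handle GET/PUT/DELETE on a registration_client_uri; returns (status, body)."""
    client_id = uri.rsplit("/", 1)[-1]
    record = _authorized(client_id, authorization)
    if record is None:
        return 401, {"error": "invalid_token"}   # RFC 6750 error code
    if method == "GET":
        return 200, {"client_id": client_id, **record["metadata"]}
    if method == "PUT":
        record["metadata"] = dict(body or {})
        return 200, {"client_id": client_id, **record["metadata"]}
    if method == "DELETE":
        del _clients[client_id]
        return 204, None
    return 405, None
```

In this sketch the only credential the configuration endpoint accepts is the registration access token, so a request without it gets 401 for every method.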