While looking at RAR recently with some prospective implementer, it was noticed that the text around the client metadata is very noncommittal. It says only, "clients announce the authorization details types they use in the new dynamic client registration parameter authorization_details_type" [1] and "[authorization_details_type] indicates what authorization details types the client uses" [2].
Is there or should there be behavior associated with the value? I.e. maybe the AS would return an error in the case of a client sending a request with a type not in the list of details types they'd announced they'd use. Or is it just informational? If that's all it is, why have it at all? I believe (from the shepherd writeup) that there are some RAR implementations out there. How are they treating/using the authorization_details_type client metadata? [1] https://www.ietf.org/archive/id/draft-ietf-oauth-rar-12.html#name-metadata [2] https://www.ietf.org/archive/id/draft-ietf-oauth-rar-12.html#name-oauth-dynamic-client-regist -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
