Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

Gesendet: Mittwoch, 15. Mai 2019 19:57 > An: Sahler, Frank > Cc: oauth@ietf.org > Betreff: Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration > protocol > > On the surface this is fine, but it hides an important detail: you need to > have a client registered wit

Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

Gesendet: Mittwoch, 15. Mai 2019 19:57 An: Sahler, Frank Cc: oauth@ietf.org Betreff: Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol On the surface this is fine, but it hides an important detail: you need to have a client registered with the system in order to make a to

Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

On the surface this is fine, but it hides an important detail: you need to have a client registered with the system in order to make a token request, meaning that the “dcr” token was issued to a different client than the one making the registration request. So that just means that the developer

[OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

Hello, I read in the dynamic client registration documentation of the company curity (https://developer.curity.io/tutorials/dynamic-client-registration-overview) that they use the scope "dcr" in the authorization request to get an initial access token i.e. a bearer token that only allows access