Dyn reg and the scim reg variant depend too much/biased towards passwords
expressed as client secrets.
A signed token approach has many advantages for service providers like not
having to maintain a secure database of secrets/passwords.
Finally issuing both a client secret and registration t
You can definitely issue or use other kinds of secrets with both dyn reg
and the scim variant -- this was the reason we made a registry for the
token_endpoint_auth_method at your (Phil's) request. Thing is, there
weren't documents that described the authentication mechanisms that we
could direc
You missed both my points entirely.
Phil
On 2013-08-13, at 8:05, Justin Richer wrote:
> You can definitely issue or use other kinds of secrets with both dyn reg and
> the scim variant -- this was the reason we made a registry for the
> token_endpoint_auth_method at your (Phil's) request. Thi
Hi Phil,
I'm sorry for not following completely. Some questions inline...
On 8/13/13 11:00 AM, Phil Hunt wrote:
> Dyn reg and the scim reg variant depend too much/biased towards
> passwords expressed as client secrets.
I'm not sure what you mean in regards to "client secrets". There are
OAuth2 be