[Openid-specs-ab] Does Connect support public clients?
John Bradley
ve7jtb at ve7jtb.com
Mon Feb 20 19:53:35 UTC 2012
All clients must register their redirect_url and get a client_id.
They are not required to use the client secret if they are public clients.
We talked about allowing a client_id of "public" and not requiring pre-registered redirect_uri, but the feedback was that IdPs were uncomfortable giving access tokens to unknown clients.
OAuth recommends against public clients with unregistered redirect_uri.
In an effort to have some balance we do have dynamic registration for clients.
If a user wants to revoke a client, not having all of them with the same client_id is probably an advantage.
If it is something you think you need I am open to discussing it.
John B.
On 2012-02-20, at 3:58 PM, Torsten Lodderstedt wrote:
> Hi all,
>
> I'm unable to find out whether OpenID Connect supports public clients. It seems Connect assumes all clients register with the OP and obtain a client credential. If this observation is correct, what is the reason for being more restrictive than OAuth?
>
> regards,
> Torsten.
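Added example, not part of the message above or of the OpenID Connect specifications: a minimal sketch of the provider-side checks the reply describes, where every client (public or confidential) registers its redirect URIs and gets its own client_id, only confidential clients hold a secret, and revocation applies to one client_id at a time. The Registry class, its method names and the example.* URLs are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Client:
    redirect_uris: frozenset
    secret: Optional[str] = None   # None marks a public client
    revoked: bool = False

class Registry:
    """Hypothetical in-memory client registry for an OP (constructed for this example)."""

    def __init__(self):
        self.clients = {}

    def register(self, redirect_uris, confidential):
        # Public or not, a client registers redirect URIs and gets a distinct client_id.
        if not redirect_uris:
            raise ValueError("at least one redirect_uri must be registered")
        client_id = secrets.token_urlsafe(12)
        secret = secrets.token_urlsafe(32) if confidential else None
        self.clients[client_id] = Client(frozenset(redirect_uris), secret)
        return client_id, secret

    def check_authorization_request(self, client_id, redirect_uri):
        # Unknown or revoked clients are refused; redirect_uri must match exactly.
        c = self.clients.get(client_id)
        return c is not None and not c.revoked and redirect_uri in c.redirect_uris

    def authenticate_at_token_endpoint(self, client_id, presented_secret=None):
        c = self.clients.get(client_id)
        if c is None or c.revoked:
            return False
        if c.secret is None:
            return True    # public client: identified by client_id, no secret to check
        if presented_secret is None:
            return False   # confidential client must present its secret
        return hmac.compare_digest(c.secret.encode(), presented_secret.encode())

    def revoke(self, client_id):
        # Distinct client_ids let one client be revoked without touching the others.
        self.clients[client_id].revoked = True
```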