[Openid-specs-ab] request_uris parameter of Dynamic Client Registration

Mike Jones Michael.Jones at microsoft.com
Wed Nov 26 21:05:52 UTC 2014

To rotate the keys, you just write new keys to the location pointed to by jwks_uri.  This is described at http://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys and subsequent sections.  You don't perform a new registration or get a new Client ID or Client Secret.

				-- Mike

-----Original Message-----
From: Mike Schwartz [mailto:mike at gluu.org] 
Sent: Wednesday, November 26, 2014 1:02 PM
To: John Bradley
Cc: Chuck Mortimore; Mike Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] request_uris parameter of Dynamic Client Registration

On 2014-11-26 14:23, John Bradley wrote:

> I think I recommended using the jwks_uri in registration for the 
> client to publish an endpoint for it’s keys if it is going to rotate 
> them.

jwks_uri is a great idea...

To update the client secret, a new client is registered with the same jwks_uri?

And "Sector Identifier" also looks very interesting. Good point Mike Jones...

- Mike Schwartz

More information about the Openid-specs-ab mailing list