[Openid-specs-ab] Question on Dynamic Registration
jricher at mit.edu
Thu Jun 1 01:12:57 UTC 2017
The server needs to make sure that they’re consistent at the end of a successful registration. This could take the form of forcing the client to register a consistent set (response_type=code, grant_type=authorization_code) and returning an error otherwise. Alternatively, the server could try to fill in the missing blanks for the client. Whatever the server decides is the result, it echoes back to the client, effectively dictating to the client the results of the registration.
If the server doesn’t support the requested grant type or response type, it should probably fail the registration request. If it doesn’t, it will just fail the authorization request later on.
> On May 31, 2017, at 1:59 PM, Preibisch, Sascha H via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> Hi all!
> A team member and I just had a discussion about dynamic registration. Specifically about this section:
> http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
> We are not sure how "response_types" and "grant_types" are expected to be handled. This is not clear to us:
> if a client registers for any other response_type than "code", is the client required to also include a "grant_type"?
> Or is it that the server has to be configured to support the matching grant_type and fail otherwise?
> Should the server return the matching grant_types although the spec. says to return "authorization_code" in the case of being omitted?
> It would be great to get some clarification on that.
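Both options from the reply (reject an inconsistent set, or fill in the blanks and echo the result), sketched as an added example that is not part of the original thread or any OP's code. The supported sets, the names `reconcile` and `fill_missing`, and the choice to derive grant_types when they are omitted in fill mode are assumptions; the response-type-to-grant-type mapping follows the Client Metadata table in the linked spec.

```python
# Added example: supported sets and policy choices are illustrative assumptions.
SUPPORTED_RESPONSE_TYPES = {"code", "id_token", "id_token token", "code id_token"}
SUPPORTED_GRANT_TYPES = {"authorization_code", "implicit", "refresh_token"}


class RegistrationError(Exception):
    """Maps to an HTTP 400 response with error=invalid_client_metadata."""
    error = "invalid_client_metadata"


def norm(response_type):
    """Order-insensitive form, so 'token id_token' equals 'id_token token'."""
    return " ".join(sorted(response_type.split()))


def required_grants(response_types):
    """Grant types implied by the response types (Client Metadata table)."""
    needed = set()
    for rt in response_types:
        parts = rt.split()
        if "code" in parts:
            needed.add("authorization_code")
        if "token" in parts or "id_token" in parts:
            needed.add("implicit")
    return needed


def reconcile(request, fill_missing=False):
    """Return the metadata to echo back to the client, or raise RegistrationError."""
    response_types = request.get("response_types") or ["code"]  # spec default
    grant_types = request.get("grant_types")
    needed = required_grants(response_types)
    if grant_types is None:
        # Omitted: fill mode derives the set, strict mode applies the spec default.
        grant_types = sorted(needed) if fill_missing else ["authorization_code"]

    # Reject unsupported values now rather than at the authorization request.
    bad = [rt for rt in response_types if norm(rt) not in SUPPORTED_RESPONSE_TYPES]
    bad += [gt for gt in grant_types if gt not in SUPPORTED_GRANT_TYPES]
    if bad:
        raise RegistrationError(f"unsupported values: {bad}")

    missing = needed - set(grant_types)
    if missing and not fill_missing:
        raise RegistrationError(f"grant_types missing {sorted(missing)}")
    grant_types = list(grant_types) + sorted(missing)
    return {**request, "response_types": list(response_types), "grant_types": grant_types}
```

In strict mode a client that registers only `response_types=["id_token"]` is rejected, because the defaulted `authorization_code` grant does not cover it; in fill mode the same request is accepted and echoed back with `grant_types=["implicit"]`.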