[Openid-specs-ab] BCP for client apps registration
sakimura at gmail.com
Mon Aug 5 19:19:21 UTC 2019
What would be the best way to register an app on a mobile device?
Using PKCE as in BCP 212 is great. However, if you want to implement a
layered permission model, it will hit a roadblock.
The flow I can think of is like this.
1. Use PKCE to get an access token.
2. Send the access token to the client registration endpoint to obtain a client
ID and a client secret.
Thereafter, the app behaves as a confidential client.
What do you think?
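The two steps proposed above, sketched as an added example that is not part of the original message: the app first acts as a public client with PKCE (RFC 7636), then presents the resulting access token as the initial access token for dynamic client registration (RFC 7591). The endpoint URLs, the bootstrap client ID, the redirect URI and all function names are assumptions made for illustration.

```python
import base64, hashlib, json, secrets
from urllib.parse import urlencode

# Hypothetical values (assumptions, not taken from the post).
AS = "https://as.example.com"
BOOTSTRAP_CLIENT_ID = "mobile-app-bootstrap"  # shared public ID shipped in the binary
REDIRECT = "com.example.app:/oauth2redirect"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """RFC 7636 S256: challenge = BASE64URL(SHA256(ASCII(verifier)))."""
    verifier = b64url(secrets.token_bytes(32))  # 43 characters, high entropy
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def authorization_url(challenge: str, state: str) -> str:
    q = {"response_type": "code", "client_id": BOOTSTRAP_CLIENT_ID,
         "redirect_uri": REDIRECT, "state": state,
         "code_challenge": challenge, "code_challenge_method": "S256"}
    return AS + "/authorize?" + urlencode(q)

def token_request(code: str, verifier: str) -> dict:
    """Step 1: public client redeems the code; no client secret exists yet."""
    return {"url": AS + "/token", "body": urlencode({
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT, "client_id": BOOTSTRAP_CLIENT_ID,
        "code_verifier": verifier})}

def registration_request(access_token: str) -> dict:
    """Step 2: RFC 7591 registration, authorized by the step 1 access token."""
    metadata = {"client_name": "Example app (this install)",
                "redirect_uris": [REDIRECT],
                "grant_types": ["authorization_code", "refresh_token"],
                "token_endpoint_auth_method": "client_secret_basic"}
    return {"url": AS + "/register",
            "headers": {"Authorization": "Bearer " + access_token,
                        "Content-Type": "application/json"},
            "body": json.dumps(metadata)}

def store_credentials(registration_response: str):
    """Accept only a response that carries per-install confidential credentials."""
    r = json.loads(registration_response)
    if not r.get("client_id") or not r.get("client_secret"):
        raise ValueError("registration did not return a client_id and client_secret")
    return r["client_id"], r["client_secret"]
```

The credentials returned by `store_credentials` are unique to one installation, so they belong in the platform's secure storage rather than in the shipped binary.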