Dynamic Client Registration
Provides a way for Clients to introduce themselves to Authorization Servers, allowing Clients to register themselves at runtime.
Authorization Server can then provision a unique Client ID and Client Secret (if appropriate) to the Client which can then be used for all subsequent OAuth transactions.
Can be used by native applications (such as mobile apps) to register themselves and have a unique Client ID & Client Secret per instance.
Being registered with the Authorization Server doesn't entitle the Client to access any resources protected by the Authorization Server.
This is a key fact that differentiates OAuth from other security protocols, where the registration event carries with it authority to access resources and therefore needs to be protected by a strict onboarding process.
The Client will need to discover the Authorization Server's Client Registration endpoint by sending a request to:
/.well-known/oauth-authorization-server
Registration itself is done by sending a simple HTTP request to the Authorization Server's Client Registration Endpoint:
Endpoint can be protected by authorization (also can be open registration as shown in the example below).
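The discovery and registration steps described above, as an added Python example that is not part of the original page: it builds the metadata URL (RFC 8414), checks the metadata before trusting its registration endpoint, and constructs the registration request (RFC 7591) for both open and token-protected endpoints. The issuer, URLs, client metadata and response values are constructed sample data, and the function names are illustrative.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

WELL_KNOWN = "/.well-known/oauth-authorization-server"

def metadata_url(issuer):
    """RFC 8414: the well-known segment goes between the host and any issuer path."""
    u = urlsplit(issuer)
    if u.scheme != "https" or u.query or u.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    return f"https://{u.netloc}{WELL_KNOWN}{u.path.rstrip('/')}"

def registration_endpoint(issuer, metadata):
    """Return the registration endpoint from an already fetched metadata document."""
    if metadata.get("issuer") != issuer:  # reject metadata issued for another server
        raise ValueError("issuer mismatch in metadata")
    endpoint = metadata.get("registration_endpoint")
    if not endpoint or urlsplit(endpoint).scheme != "https":
        raise ValueError("no https registration_endpoint advertised")
    return endpoint

def build_registration_request(endpoint, client_metadata, initial_access_token=None):
    """Build the RFC 7591 POST; the bearer token is only sent to protected endpoints."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if initial_access_token:
        headers["Authorization"] = f"Bearer {initial_access_token}"
    body = json.dumps(client_metadata).encode()
    return Request(endpoint, data=body, headers=headers, method="POST")

def parse_registration_response(status, body):
    """Accept only 201 Created carrying a client_id; client_secret is optional."""
    doc = json.loads(body)
    if status != 201 or "client_id" not in doc:
        raise ValueError(f"registration failed: {doc.get('error', status)}")
    return {"client_id": doc["client_id"], "client_secret": doc.get("client_secret"),
            "secret_expires_at": doc.get("client_secret_expires_at")}

# Constructed sample data (assumptions for this example, not from the original page).
ISSUER = "https://as.example.com"
SAMPLE_METADATA = {"issuer": ISSUER,
                   "registration_endpoint": "https://as.example.com/register"}
SAMPLE_CLIENT = {"client_name": "Example Mobile App",
                 "redirect_uris": ["com.example.app:/callback"],
                 "grant_types": ["authorization_code"]}
SAMPLE_RESPONSE = json.dumps({"client_id": "constructed-client-id",
    "client_secret": "constructed-secret", "client_secret_expires_at": 0})

if __name__ == "__main__":
    ep = registration_endpoint(ISSUER, SAMPLE_METADATA)
    req = build_registration_request(ep, SAMPLE_CLIENT)
    print(req.get_method(), req.full_url, parse_registration_response(201, SAMPLE_RESPONSE))
```

The request object can be passed to `urllib.request.urlopen` against a real server; per-instance credentials returned this way should be kept in the platform's secure storage.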