The client-bound "instance_id" could serve as the hook we would need for RFC7592 style dynamic client management, including additional components like key rotation. If the AS returns an object instead of a string here, that could include everything that the client would need in order to make REST-style management calls, similar to token management.
The client would sign all requests with its key and use the presented access token. A "POST" or "PATCH" request would update client information, including having a method for key rotation using nested signatures. A "DELETE" request would un-register the client, etc.
The AS may also want to prevent some clients from updating certain information after a user has authorized it, such as when the user goes through a consent flow, wanting to make sure the user can continue to identify the client it has authorized later.
But aside from that I agree it's a short leap to enable a management protocol this way.
§3.5 Returning Dynamically-bound Reference Handles: Editor's note:
The client-bound "instance_id" could serve as the hook we would need for RFC7592 style dynamic client management, including additional components like key rotation. If the AS returns an object instead of a string here, that could include everything that the client would need in order to make REST-style management calls, similar to token management.
The client would sign all requests with its key and use the presented access token. A "POST" or "PATCH" request would update client information, including having a method for key rotation using nested signatures. A "DELETE" request would un-register the client, etc.
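One way an AS could check the key-rotation request described in the note, as an added example that is not from the draft or from anyone in this thread. The field names (`instance_id`, `rotate`, `new_key`), the Ed25519 envelope format, the in-memory registry, and the choice that the new key signs the inner message while the registered key signs the outer one are all assumptions made for illustration.

```javascript
// Added illustration: message shapes and field names are assumptions, not from the draft.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('ed25519');
const toPem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
const digest = (s) => crypto.createHash('sha256').update(String(s)).digest();

// Serialise a payload and sign it; the exact signed bytes travel with the signature.
function signEnvelope(payload, privateKey) {
  const body = JSON.stringify(payload);
  return { body, sig: crypto.sign(null, Buffer.from(body), privateKey).toString('base64') };
}

function verifyEnvelope(env, publicKeyPem) {
  const key = crypto.createPublicKey(publicKeyPem);
  return crypto.verify(null, Buffer.from(env.body), key, Buffer.from(env.sig, 'base64'));
}

// Client side: the inner envelope is signed by the NEW key (proof of possession),
// the outer envelope by the currently registered key (authorisation of the change).
function buildRotation(instanceId, oldPrivate, next) {
  const inner = signEnvelope({ instance_id: instanceId, new_key: toPem(next.publicKey) }, next.privateKey);
  return signEnvelope({ method: 'PATCH', instance_id: instanceId, rotate: inner }, oldPrivate);
}

// AS side: registry maps instance_id -> { keyPem, token } (constructed in-memory store).
function handleRotation(registry, accessToken, outer) {
  try {
    const req = JSON.parse(outer.body);
    const record = registry.get(req.instance_id);
    // Compare token digests in constant time; unknown instances get the same answer.
    if (!record || !crypto.timingSafeEqual(digest(record.token), digest(accessToken))) return 'unauthorized';
    if (!verifyEnvelope(outer, record.keyPem)) return 'bad_outer_signature';
    const inner = JSON.parse(req.rotate.body);
    // Bind the inner statement to this instance so it cannot be replayed on another one.
    if (inner.instance_id !== req.instance_id) return 'instance_mismatch';
    if (!verifyEnvelope(req.rotate, inner.new_key)) return 'bad_inner_signature';
    record.keyPem = inner.new_key; // the old key stops working from here on
    return 'rotated';
  } catch {
    return 'malformed';
  }
}
```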