Dynamic Client Registration

[NoelDeMartin]

Would support for Dynamic Client Registration be considered within the scope of this package? Of course, it would be disabled by default and could be enabled like so:

Passport::enableDynamicClientRegistration();

Similar to how implicit grant is enabled. This is useful in order to provide authentication for SPAs who don't have a backend and can't be trusted with client secrets, so a dynamic registration is provided and authentication is performed only with a client_id unique to each instance. More details can be read on the specification: RFC 7951 - OAuth 2.0 Dynamic Client Registration Protocol

[Sephster]

We could probably add this into the OAuth2-Server if you want to raise an issue there?

[NoelDeMartin]

@Sephster I can open it if you want, but I was not aware that OAuth2-Server handled client registration. For what I have seen in this repository, client registration is implemented here: https://github.com/laravel/passport/blob/7.0/src/ClientRepository.php#L102..L117 And ClientRepositoryInterface from OAuth2-Server is only used to retrieve clients, not create them.

[Sephster]

The server is intentionally flexible so we haven't defined client registration to leave it up to the implementer. If this is required to support the dynamic registration rfc though, we could probably add it in. Thanks for raising the issue so we can track it.

[driesvints]

Heya, going to close this as you've created an issue at oauth2-server: thephpleague/oauth2-server#934

Let us know how it goes and we might also be able to provide support for this once it's merged in oauth2-server! :)

[driesvints]

Going to re-open this to keep track of it here as well.

[driesvints]

Closing this again until OAuth2 Server has implemented this.