Idea Details

Enhance providing the client key and client secret on openid client registration

Last activity 19 days ago
Chris Cornell
11-18-2019 02:48 PM

Currently when creating/registering a new OIDC client through the endpoints, the client_key and client_secret values seem to be ignored.  They are then replaced with default/auto-generated UUID values.  We would like the ability to control what those values get set to when registering the clients through the APIs.


Comments

19 days ago

Hi Chris
The OIDC client registration endpoint is developed in a way that follows the "OIDC Dynamic Client Registration" spec. In section 3.1, Registration Request (https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationRequest), it is stated that:
"the Client sends an HTTP POST message to the Client Registration Endpoint with any Client Metadata parameters that the Client chooses to specify for itself during the registration. The Authorization Server assigns this Client a unique Client Identifier, optionally assigns a Client Secret, and associates the Metadata given in the request with the issued Client Identifier."

The Client Identifier and secret are not among the Client Metadata that can be specified in the request.

Regards,
Helen
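
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not the product's own code: a minimal registration handler that accepts client metadata, ignores any client-supplied identifier or secret, and issues its own values in the response shape the Dynamic Client Registration spec defines. The function name, the sample request, and the treatment of "client_key" as an alias for the client identifier are assumptions.

```python
import logging
import secrets
import time
import uuid

# Fields the Authorization Server issues itself. "client_key" is the name used
# in the post above and is assumed here to mean the client identifier.
SERVER_ASSIGNED = {"client_id", "client_key", "client_secret",
                   "client_id_issued_at", "client_secret_expires_at",
                   "registration_access_token", "registration_client_uri"}

# Constructed sample request: the client tries to pick its own credentials.
SAMPLE_REQUEST = {
    "redirect_uris": ["https://client.example.org/callback"],
    "client_name": "Example App",
    "client_key": "my-chosen-id",
    "client_secret": "my-chosen-secret",
}


def register_client(request_body):
    """Hypothetical registration handler; returns (HTTP status, JSON body)."""
    uris = request_body.get("redirect_uris")
    if (not isinstance(uris, list) or not uris
            or not all(isinstance(u, str) and u for u in uris)):
        return 400, {"error": "invalid_redirect_uri",
                     "error_description": "redirect_uris must be a non-empty list"}

    # Drop anything the client may not choose; log field names only, never values.
    ignored = sorted(SERVER_ASSIGNED & request_body.keys())
    if ignored:
        logging.warning("registration ignored client-supplied fields: %s", ignored)
    body = {k: v for k, v in request_body.items() if k not in SERVER_ASSIGNED}

    body.update({
        "client_id": str(uuid.uuid4()),              # server-assigned identifier
        "client_secret": secrets.token_urlsafe(32),  # 32 random bytes from the CSPRNG
        "client_id_issued_at": int(time.time()),
        "client_secret_expires_at": 0,               # 0 = secret does not expire
    })
    return 201, body


if __name__ == "__main__":
    print(register_client(SAMPLE_REQUEST))
```
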