Hi Justin, just one comment on this specific issue:
On Feb 6, 2013, at 10:34 PM, Justin Richer wrote: > 1. client shows up at the Client Registration Endpoint, posts a JSON object > with a few bits of metadata about itself (and potentially presents an Access > Token that it got from some out of band process that acts as a "class > registration" or "developer key", important to several known real-world use > cases) The starting point of the dynamic registry document was that the client does not yet have some secret with the authorization server and for that reason it does all this dance. Now, you write that it may have some "developer key" (which is sort of similar to what the client id/client secret is). That cannot be right. Ciao Hannes _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
