I'm trying to understand the client_secret_expires_at parameter in Dynamic Client Registration? It seems rather awkward to have an expiration in this protocol that doesn't allow for anything to be done after expiration other than doing a whole new registration (and thus losing the client id).
And why does expiration only apply to the client secret? If there's a need for expiration, isn't it broader than that and apply to the whole client or the client id? I tried to ask these questions, more or less, in April during last call but there was no response: http://www.ietf.org/mail-archive/web/oauth/current/msg12738.html On Tue, Jul 8, 2014 at 5:46 AM, Hannes Tschofenig <[email protected]> wrote: > Hi all, > > I am working on the shepherd writeup for the dynamic client registration > draft. > > You can find the latest draft here: > https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_DynamicClientRegistration.txt > > As you can see it is still incomplete. > > I would need information about the implementation status. > > Ciao > Hannes > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
