Hello everyone, Section 2.2 of RFC 7592 <https://tools.ietf.org/html/rfc7592#section-2.2> (Dynamic Client Registration Management Protocol) has the following two statements that oppose one another.
This request MUST include all client metadata fields as returned to the > client from a previous registration, read, or update operation. Omitted fields MUST be treated as null or empty values by the server, > indicating the client's request to delete them from the client's > registration. What's the intention here? Should a server be accepting requests that are missing client properties it has either on the record or "resolved" or not? Personally I like to always make sure the client submits everything and to remove properties it must pass null or empty string as the values. That way the request is 100% intentional about the final state of the record it wants to update to. What do you think? Best, *Filip*
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
