Hello all,
Recently I started investigating in developing Android apps (so public
clients) for my products. I use Dynamic Client Registration (DCR) and
want to use Software Statement Assertion (SSA) too. Now I am wondering
if I should hardcode my software statement in the app, or that I should
host the software statement on a HTTPS location I own. With the first
option, I may not be able to resign the software statement with a new
private key if I have to; with the last option, I have no standardized
way to get the software statement. Is there some plan to make it
possible to discover software statements by `software_id` and
`software_version` in combination with some .well-known or DNS
mechanism? And am I doing things right in the first place?
Thanks in advance
Ben
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
