I believe that client_secret_expires_at was a signal to clients that they
should plan on retrieving a new client_secret value around that time. That
makes sense if you have the management protocol to do so, but I agree with you
that it isn't very useful without it. Maybe it should be moved to
+1 We need an appropriate cred rotation method still.
Phil
On Jul 10, 2014, at 14:43, Brian Campbell bcampb...@pingidentity.com wrote:
I'm trying to understand the client_secret_expires_at parameter in
Dynamic Client Registration? It seems rather awkward to have an
expiration in this