for draft-hardjono-oauth-dynreg, would it make sense to have a type where no redirect_url is passed and instead the client registration endpoint assigns the redirect uri itself?
for instance, a mobile app might request this type of registration and the client registration endpoint could assign the redirect_uri to a url belonging to the authorization server. if, for instance, the mobile app is using an embedded user-agent, upon authorization, it can retrieve the code param from the url when the page is loaded. thanks, tom
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth