for draft-hardjono-oauth-dynreg, would it make sense to have a type where
no redirect_url is passed and instead the client registration endpoint
assigns the redirect uri itself?

for instance, a mobile app might request this type of registration and the
client registration endpoint could assign the redirect_uri to a url
belonging to the authorization server.  if, for instance, the mobile app is
using an embedded user-agent, upon authorization, it can retrieve the code
param from the url when the page is loaded.

thanks,
tom
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to