Hi, we just stumbled upon this [1] statement: "Except when using a mechanism like Dynamic Client Registration [RFC7591] to provision per-instance secrets, native apps are classified as public clients ..."
What does this mean for us? Native App + Dynamic Client Registration = Confidential Client? Which threats are covered if Dynamic Client Registration is used on Native Apps? Best Regards, Vladi/Christian [1]: https://tools.ietf.org/html/rfc8252#section-8.4 -- Dr.-Ing. Christian Mainka Horst Görtz Institute for IT-Security Chair for Network and Data Security Ruhr-University Bochum, Germany Universitätsstr. 150, ID 2/463 D-44801 Bochum, Germany Telefon: +49 (0) 234 / 32-26796 Fax: +49 (0) 234 / 32-14347 http://nds.rub.de/chair/people/cmainka/ @CheariX _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
