I’m not sure what you’re asking — the text is not left over from anything and
is intentionally included. That text is saying that if I leave out the field
then the server treats it just like as if I had sent in a null value. So the
following are equivalent:
{
“client_name”: “foo”,
“tos_uri”: null
}
And
{
“client_name”: “foo”,
}
In both cases, it’s a signal that the client is removing the value from the
“tos_uri” field. It does not mean that the AS leaves the “tos_uri” field with
the value that it previously was (ie, a PATCH style request).
The AS can reject the update request if it doesn’t want to allow the client to
blank out that field, for whatever reason.
— Justin
> On Mar 4, 2020, at 10:42 AM, Filip Skokan <panva...@gmail.com> wrote:
>
> So the following
>
> Omitted fields MUST be treated as null or empty values by the server,
> indicating the client's request to delete them from the client's registration.
>
> Does not mean the server needs to accept requests where fields are omitted?
> Is that a left over from previous drafts then?
>
> S pozdravem,
> Filip Skokan
>
>
> On Wed, 4 Mar 2020 at 16:37, Justin Richer <jric...@mit.edu
> <mailto:jric...@mit.edu>> wrote:
> Your interpretation was our intent with that. It’s a full replace of the
> object. We had debating having PATCH style semantics, but ultimately decided
> that that was too complex for the most common update actions that a client
> would have.
>
> — Justin
>
>> On Mar 3, 2020, at 8:42 AM, Filip Skokan <panva...@gmail.com
>> <mailto:panva...@gmail.com>> wrote:
>>
>> Hello everyone,
>>
>> Section 2.2 of RFC 7592 <https://tools.ietf.org/html/rfc7592#section-2.2>
>> (Dynamic Client Registration Management Protocol) has the following two
>> statements that oppose one another.
>>
>> This request MUST include all client metadata fields as returned to the
>> client from a previous registration, read, or update operation.
>>
>> Omitted fields MUST be treated as null or empty values by the server,
>> indicating the client's request to delete them from the client's
>> registration.
>>
>> What's the intention here? Should a server be accepting requests that are
>> missing client properties it has either on the record or "resolved" or not?
>>
>> Personally I like to always make sure the client submits everything and to
>> remove properties it must pass null or empty string as the values. That way
>> the request is 100% intentional about the final state of the record it wants
>> to update to.
>>
>> What do you think?
>>
>> Best,
>> Filip
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth
>> <https://www.ietf.org/mailman/listinfo/oauth>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
