Hi, Are there any best practices for clients that want to use Dynamic Client Registration and plan to register a public key (rather than receiving back a shared client_secret), to use DPoP to prove possession of the matching private key and also integrity protect the JSON object passed to the registration endpoint?
I'm aware of the client attestation work but that isn't quite the same thing. Thoughts? Thanks, George ______________________________________________________________________ The information contained in this e-mail may be confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
