Support RFC 7591 - Dynamic Client Registration

[thibaultamartin]

Feature

This RFC itself is quite short, implementing the (client registration endpoint will do the trick.

Context

OAuth2 is a framework that works great but needs clients to handle a client_id and sometimes client_secret. While this is not a problem with centralized services, this easily becomes a limitation for self-hosted solutions. Trying to register a Wallabag app against a Wallabag self-hosted instance can give you a good idea of how difficult it is for end-users.

Fortunately, the RFC 7591 - Dynamic Client Registration allows clients to ask the server for a client_id and client_secret, making it easy to use for end-users of self-hosted apps.

Alternatives

As a former UK PM said, there is no alternative

[thespooler]

Good idea, but I believe it to be out of scope for the current project. This would imply a storage backend. I can't talk for the author, but it seems to me that this library aims to not force choices regarding web framework and storage technologies for the developper. You could of course quite easily implement that as a custom Registrar (see ClientMap impl).

[Sytten]

I want to revisit this issue. I believe the library could include the endpoint / business logic portion like it does for other endpoints and let the pluggable backend handle the storage. We happen to need this flow so I will try to implement it in a fork.

[HeroicKatora]

Nice. It does sound feasible to stay true to the scope if the persistent implementation of the extended registrar primitive lives in a separate crate. Keep us updated on progress and if you'd like any maintainer inputs.