
RFC7591 Registration client API

Open azmeuk opened this issue 2 years ago • 0 comments

authlib implements RFC7591 so one can build authorization servers with dynamic client registration. However, it seems there is nothing implemented to actually register a client.

I suggest adding parameters to BaseOAuth.register:

  • registration_url, that would expect a registration endpoint (https://auth.mydomain.tld/register) and that could be guessed from the server registration_endpoint metadata.
  • registration_token, that would be an optional token the server may expect to allow registration
  • any claim that is defined in RFC7591

That way a dynamic registration could be achieved this way:

oauth = OAuth()
oauth.register(
    name="foobar",
    server_metadata_url="https://auth.mydomain.tld/.well-known/openid-configuration",
    registration_token="my-super-secret",
    client_name="foobar",
    redirect_uris=url_for("oauth.authorize", _external=True),
    ...
)

I suppose we should also think of the way to implement RFC7592 too.

What do you think? Do you have better implementation suggestions?

azmeuk, Jan 26 '23 19:01
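
An added example, not part of the issue above and not authlib's API: one way a client could build the RFC 7591 registration request the issue describes and check the server's reply. The function names, the exception class and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit


class RegistrationError(Exception):
    """Raised when the request cannot be built or the server rejects it."""


def build_registration_request(server_metadata, client_metadata, initial_access_token=None):
    """Return (url, headers, body) for an RFC 7591 client registration POST."""
    url = server_metadata.get("registration_endpoint")
    if not url:
        raise RegistrationError("server metadata has no registration_endpoint")
    # RFC 7591 requires TLS on the registration endpoint; refusing plain HTTP
    # keeps the initial access token and any issued client_secret off the wire.
    if urlsplit(url).scheme != "https":
        raise RegistrationError("registration_endpoint must use https")
    uris = client_metadata.get("redirect_uris", [])
    # redirect_uris is a JSON array of strings; a bare string is a common mistake.
    if not isinstance(uris, list) or not all(isinstance(u, str) for u in uris):
        raise RegistrationError("redirect_uris must be a list of strings")
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if initial_access_token:
        # The optional initial access token is presented as a bearer token.
        headers["Authorization"] = "Bearer " + initial_access_token
    return url, headers, json.dumps(client_metadata).encode()


def parse_registration_response(status, body):
    """Return the registered client information, or raise on an error response."""
    data = json.loads(body)
    if status != 201:  # RFC 7591 specifies 201 Created for a successful registration
        raise RegistrationError("{}: {}".format(data.get("error"), data.get("error_description")))
    if "client_id" not in data:
        raise RegistrationError("response is missing the required client_id")
    if "client_secret" in data and "client_secret_expires_at" not in data:
        raise RegistrationError("client_secret issued without client_secret_expires_at")
    return data


# Constructed sample values, not taken from a real server.
SERVER = {"registration_endpoint": "https://auth.mydomain.tld/register"}
CLIENT = {"client_name": "foobar", "redirect_uris": ["https://app.example/oauth/authorize"]}
```

The returned tuple can be handed to any HTTP client; the response check also covers the RFC 7591 error body (`error`, `error_description`) returned for rejected metadata.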