
Dynamic Registration requirement level for OP

Open elf-pavlik opened this issue 1 year ago • 1 comments

This is one of the issues raised in a conversation with @dteleguin

5.2. OIDC Registration

For non-dereferencable identifiers, the Client MUST present a client_id value that has been registered with the OP via either OIDC dynamic or static registration. See also [OIDC-DYNAMIC-CLIENT-REGISTRATION].

When requesting Dynamic Client Registration, the Client MUST specify the scope in the metadata and include webid in its value (space-separated list).

The spec doesn't say clearly if the OIDC Provider MUST, SHOULD, or MAY support Dynamic Registration.

I don't think the OP MUST provide DynReg, and we should clarify it with an explicit SHOULD or MAY.

As far as I recall, Keycloak would need to enable CORS on the Client Registration Endpoint to work with Solid-OIDC. Leaving DynReg optional should result in more fully conformant OPs.

elf-pavlik, Mar 02 '23 18:03
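The following is an added example, not part of the issue or of the Solid-OIDC specification: a client-side sketch of what optional Dynamic Registration means in practice, using the standard `registration_endpoint` discovery field and the `scope` client metadata quoted above. The function names, the HTTPS check, and the sample values are assumptions made for illustration.

```javascript
// Hypothetical helpers (not from the Solid-OIDC spec or any library).

// Split a space-separated scope string into its tokens.
function scopeTokens(scope) {
  return typeof scope === "string" ? scope.split(" ").filter(Boolean) : [];
}

// Build Dynamic Client Registration metadata. The quoted section 5.2 text
// requires the scope metadata to include "webid" as one of its tokens.
function buildRegistrationMetadata({ clientName, redirectUris, scope = "openid webid" }) {
  const tokens = scopeTokens(scope);
  if (!tokens.includes("webid")) {
    throw new Error('scope metadata must include "webid"');
  }
  return {
    client_name: clientName,
    redirect_uris: redirectUris,
    scope: tokens.join(" "),
  };
}

// Decide how the client obtains a client_id from this OP.
// discovery: the OP's parsed configuration document.
// staticClientId: a client_id registered out of band, if one exists.
function planRegistration(discovery, staticClientId, clientInfo) {
  const endpoint = discovery.registration_endpoint;
  // Assumption: only use an advertised endpoint that is served over HTTPS.
  if (typeof endpoint === "string" && endpoint.startsWith("https://")) {
    return { mode: "dynamic", endpoint, body: buildRegistrationMetadata(clientInfo) };
  }
  // The OP does not offer DynReg: fall back to static registration.
  if (staticClientId) {
    return { mode: "static", client_id: staticClientId };
  }
  throw new Error("OP offers no dynamic registration and no static client_id is configured");
}

// Constructed sample input: two OP discovery documents and one client.
const client = { clientName: "Demo App", redirectUris: ["https://app.example/callback"] };
const opWithDynReg = { issuer: "https://op.example", registration_endpoint: "https://op.example/register" };
const opWithoutDynReg = { issuer: "https://idp.example" };

console.log(planRegistration(opWithDynReg, null, client));
console.log(planRegistration(opWithoutDynReg, "preregistered-client-id", client));
```
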