Protecting the OIDC dynamic client registration endpoint
cantor.2 at osu.edu
Thu Apr 2 19:04:40 EDT 2020
On 4/2/20, 6:25 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Other than IP-based authorization, has anyone come up with any good ways of protecting the dynamic client
> registration endpoint?
I thought the whole idea of dynamic registration was to sort of pretend to secure OIDC by having the RP software simply acquire a client_secret in real time at first point of need with no additional authentication done. I didn't think it involved a deployer/human typically interacting with it, since that's typically the manual way. I could certainly be mistaken.
More information about the users