OIDC dynamic client registration validity

Cantor, Scott cantor.2 at osu.edu
Tue Mar 1 18:16:33 UTC 2022


On 3/1/22, 12:56 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> The docs and the commented-out value shipped with the IdP state that it's a 24-hour default for registration
> validity. Seems short to me, but who am I to judge.

I think it's geared toward clients that just do it automatically every so often and track it in memory. I don't really think this model makes any sense. I think it makes much more sense to just allow for unregistered clients using client authentication against LDAP or something along those lines.

> I'm going to register something later this afternoon and see if that expires field gets filled in. If it does, then
> this was a (possibly unintentional) change in the last release of the OIDC module.

I don't see any history suggesting it's changed; it always used whatever was in the configuration or a default.

> If I don't want registrations to expire, what would I set that to? I haven't tried a negative number yet, but I
> haven't had much success with that trick in most cases.

Zero. The Javadoc was wrong; a null won't do that, it just uses the default of a day.

-- Scott



