Because a client in client discovery likely wont have any prior interaction with an AS to establish a client_secret (as is the case in traditional OAuth2) the language about this should be removed in favour of elaborating on signed requests using asymmetric cryptography.
Because a client in client discovery likely wont have any prior interaction with an AS to establish a client_secret (as is the case in traditional OAuth2) the language about this should be removed in favour of elaborating on signed requests using asymmetric cryptography.