oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/

clarify "unregistered client" #42

Closed aaronpk closed 2 years ago

aaronpk commented 3 years ago

from Justin:


§2.4: We need to define what exactly an “unregistered client” is if we’re going to refer to it here. I think rewriting of §2.2 could help address a lot of this.

dickhardt commented 3 years ago

Suggested new text for 2.4

This specification does not require that clients be registered with the authorization server. However, the use of unregistered clients is beyond the scope of this specification and requires additional security analysis and review of its interoperability impact.

I don't know what Justin's suggestion for 2.2 would entail or how it would resolve.