panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

Making client_id optional in Client instance #240

Closed ruiengana closed 4 years ago

ruiengana commented 4 years ago

Is your feature request related to a problem? Please describe.

In a dynamic client registration scenario, we need to use client.requestObject() to sign the registration payload; however, we still don't have a client_id assigned from the AS. The Client instance requires a client_id to be supplied; this is causing us to be unable to use openid-client for dynamic client registration scenarios.

Describe the solution you'd like

I would like to instantiate a Client instance without a client_id so I can call client.requestObject(), or at least to be able to sign a payload where client_id is not present.

Describe alternatives you've considered

As an alternative, I can use a different library just to create the Request Object I need, and leverage the openid-client lib only after the client is registered.

Additional context

None.

panva commented 4 years ago

You're not creating a Request Object for DCR are you tho. You just want a JWT/JWS. A Request Object has no use at the DCR endpoint.

> As alternative, I can use a different library just to create the Request Object I need, and leverage openid-client lib only after client is registered.

That is absolutely what you're expected to do. Use something like https://github.com/panva/jose for that.

ruiengana commented 4 years ago

Thank you for the quick response.

I do need to create a Request Object (JWS) for a DCR. See https://openbankinguk.github.io/dcr-docs-pub/v3.3/dynamic-client-registration.html

> POST /register
>
> The API allows the TPP to request the ASPSP to register (create) a new client. The TPP submits a JWS payload that describes the characteristics of the client to be created. If client creation is successful, the ASPSP responds with a JSON payload that describes the client that was created. The TPP can then use the client to access resources on the ASPSP's resource server. If client creation is unsuccessful, the ASPSP responds with an error payload.

panva commented 4 years ago

That is not a Request Object, it's a generic JWS.
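
What "a generic JWS" over registration metadata amounts to, as an added example that is not part of this thread or of openid-client: the payload is signed without any client_id, and the receiving side pins the algorithm before trusting the claims. It uses Node's built-in crypto instead of jose so it runs without dependencies; ES256, the function names (signJws, verifyJws, demo) and all claim values are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (input) => Buffer.from(input).toString('base64url');

// Sign any JSON payload as a compact JWS (RFC 7515) with ES256.
// No client_id is involved: the payload is whatever the caller supplies.
function signJws(payload, privateKey, kid) {
  const header = { alg: 'ES256', typ: 'JWT', kid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  // JWS requires the raw r||s signature form, not DER.
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), {
    key: privateKey,
    dsaEncoding: 'ieee-p1363',
  });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Receiver-side check: pin the algorithm, then verify before trusting claims.
function verifyJws(jws, publicKey) {
  const parts = jws.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'ES256') throw new Error(`unexpected alg: ${header.alg}`);
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature verification failed');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Constructed sample data: throwaway key pair and made-up registration metadata.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = Math.floor(Date.now() / 1000);
  const registration = {
    iss: 'example-software-id', aud: 'https://as.example.com',
    iat: now, exp: now + 300, jti: nodeCrypto.randomUUID(),
    redirect_uris: ['https://tpp.example.com/cb'],
    token_endpoint_auth_method: 'private_key_jwt',
  };
  const jws = signJws(registration, privateKey, 'example-kid');
  return { jws, publicKey, claims: verifyJws(jws, publicKey) };
}
```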