Closed dmitrizagidulin closed 4 years ago
I think we need to clarify expectations on client_id
, for example if client uses WebID and OP verifies it, it should use that WebID as client_id
. If not we should find another way to prevent having two different client_id
. Possibly we should also take another look at Client ID per Client Instance or per Client Software in OAuth 2.0 Dynamic Client Registration Protocol. It seems that WebID denotes Client Software not Client Instance running on specific device. IMO we can identify Client Instance indirectly by public key used for sender constrained tokens/credentials (cnf
).
@elf-pavlik good points. I plan to address them in sections 2.2.3 Classifying Clients
and 2.2.4 Client Identifiers
.
Part of ongoing implementation of https://github.com/solid/specification/issues/74