OAuth 2 Dynamic Client Registration

Jan Goebel

Dynamic Client Registration RFC: tools.ietf.org...
Instead of manually registering an OAuth 2 application by entering information in an API dashboard, you can register an application programmatically. This is called OAuth 2 Dynamic Client Registration.
OAuth 2.0 Dynamic Client Registration is very useful when building OAuth API management dashboards and can even be used to make a native app a confidential client. A native app can dynamically register itself using the Dynamic Client Registration capabilities of the OAuth authorization server and then securely store a client secret on the user's mobile device.
In addition, Dynamic Client Registration comes in handy if you have to deal with a lot of different OAuth providers. This is the case, for example, when you are building an open banking application that potentially needs to connect to hundreds of different banks.
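
The native-app case described above, sketched as an added example that is not from the video or its author: the app builds RFC 7591 client metadata, and before storing anything it checks what the authorization server actually registered. The function names, app name, redirect URI and server responses are constructed for illustration; the metadata field names are those defined in RFC 7591.

```python
import time

def build_registration_request(app_name, redirect_uris):
    """Client metadata a native app would POST as JSON to the registration endpoint."""
    return {
        "client_name": app_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": ["authorization_code", "refresh_token"],
        "response_types": ["code"],
        # Asking for a secret-based method is what makes this instance confidential.
        "token_endpoint_auth_method": "client_secret_basic",
    }

def check_registration_response(request, status, body, now=None):
    """Return a list of problems; an empty list means the credentials can be stored."""
    now = time.time() if now is None else now
    if status != 201:  # RFC 7591 success is 201 Created; errors carry an "error" code
        return ["registration rejected: " + body.get("error", "unknown_error")]
    problems = []
    if not body.get("client_id"):
        problems.append("missing client_id")
    if body.get("client_secret"):
        expires = body.get("client_secret_expires_at")
        if expires is None:
            problems.append("client_secret without client_secret_expires_at")
        elif expires != 0 and expires <= now:  # 0 means the secret never expires
            problems.append("client_secret already expired")
    else:
        problems.append("no client_secret issued, client would be public")
    # The server may change requested metadata, so compare what it actually registered.
    if not set(body.get("redirect_uris", [])) <= set(request["redirect_uris"]):
        problems.append("unrequested redirect_uri registered")
    method = body.get("token_endpoint_auth_method", "client_secret_basic")
    if method != request["token_endpoint_auth_method"]:
        problems.append("token_endpoint_auth_method changed to " + method)
    return problems

# Constructed sample data: app name, redirect URI and server responses are made up.
REQUEST = build_registration_request("Example Banking App", ["com.example.app:/callback"])
GOOD = {**REQUEST, "client_id": "constructed-client-id", "client_secret": "constructed-secret",
        "client_id_issued_at": 1700000000, "client_secret_expires_at": 0}
DOWNGRADED = {**REQUEST, "client_id": "constructed-client-id",
              "token_endpoint_auth_method": "none"}
REJECTED = {"error": "invalid_redirect_uri"}

if __name__ == "__main__":
    for name, status, body in [("good", 201, GOOD), ("downgraded", 201, DOWNGRADED),
                               ("rejected", 400, REJECTED)]:
        print(name, check_registration_response(REQUEST, status, body, now=1700000100))
```

Only a response that passes every check should lead to the `client_secret` being written to the device's secure storage.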

Comments: 9
@douggarner2766 1 year ago
Great! Thanks for doing this, very clean and clear explanation
@jgoebel 1 year ago
Glad you enjoyed it!
@ArvindKumar-oz6jg 1 year ago
Great explanation, it would be nice to see some explanation/video around newer "OpenID Connect For Identity Assurance" as well as any recent changes w.r.t. Open Banking Dynamic Client Registration
@Drcalatayud 1 year ago
Regarding the application in a mobile client: wouldn't it be better to have a backend auth server for the specific app and register the complete app instead of cell phone by cell phone? By that I mean just have one client_id and secret_id for the app, let's say Uber.
@ahira_justice 1 year ago
I was going to ask this too. Seems like with what the video suggests, there'll be an explosion of clients.
@jgoebel 1 year ago
Yes, that would be the downside. But in most cases you will not need that anyway, because in most cases the app does have a backend, so it would be a confidential client because the client credentials can be stored on the backend.
@AshaRaj1989 2 years ago
Thank you for the explanation. Can you explain in more detail how to conduct dynamic registration, with more flow diagrams?
@HendersonHarrisson 2 years ago
Great video!
@jgoebel 2 years ago
Thanks!