OAuth logoI’ve posted an updated set of OAuth Dynamic Client Registration specifications that refactors the previous single specification into three specs:

  • OAuth 2.0 Dynamic Client Registration Core Protocol
  • OAuth 2.0 Dynamic Client Registration Metadata
  • OAuth 2.0 Dynamic Client Registration Management Protocol

This refactoring was the result of discussions at IETF 88 in Vancouver, BC. These refactored specifications are compatible with the previous single specification.

The Core specification contains only the definitions needed to perform dynamic registrations. It contains a completely rewritten Use Cases appendix, intended to clarify the different ways that dynamic registration can be performed. It also adds the Software Statement abstraction invented by Phil Hunt — enabling assertions to be made and used about the client software being registered.

The Metadata specification defines useful client metadata values that are nonetheless not essential to the core, such as “client_name“, “logo_uri“, and “software_id“. These were previously defined in the single dynamic registration spec.

The Management specification defines the client management operations Read, Update, and Delete, and addresses client secret rotation. These were previously defined in the single dynamic registration spec.

The drafts are available at:

HTML formatted versions are also available at:

These versions build upon prior restructuring work done by both Justin Richer and Phil Hunt.