Add support for OAuth 2.0 Dynamic Client Registration Protocol.
By default, the OAuth2ClientRegistrationEndpointFilter is disabled. See the following integration test which demonstrates how to enable it with defaults. The default configuration requires authorization (an "initial" access token).
https://github.com/spring-projects/spring-security/blob/f3761aff990cf043b5793a609623eda8e2756424/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientRegistrationTests.java#L209
"Open registration" is also supported, which does not require an "initial" access token. See the following integration test and associated configuration.
https://github.com/spring-projects/spring-security/blob/f3761aff990cf043b5793a609623eda8e2756424/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientRegistrationTests.java#L229
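Added example, not part of the original issue or the project's code: the two modes above as seen on the wire under RFC 7591, with a helper that tells a protected endpoint from an open one and a check of the registration response. The function names, the sample metadata and the sample responses are constructed for illustration.

```python
import json

def build_registration_request(client_metadata, initial_access_token=None):
    """RFC 7591 section 3.1: JSON POST, bearer token only when one is required."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if initial_access_token is not None:
        headers["Authorization"] = "Bearer " + initial_access_token
    return headers, json.dumps(client_metadata)

def classify_endpoint(status_without_token):
    """Interpret the status returned for a request sent with no Authorization header."""
    if status_without_token == 201:
        return "open"          # a client was registered without an initial access token
    if status_without_token in (401, 403):
        return "protected"     # an initial access token is required
    return "unknown"

def check_registration_response(status, body):
    """Return RFC 7591 section 3.2.1 violations; an empty list means the response is valid."""
    if status != 201:
        return ["expected 201 Created, got %d" % status]
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]
    problems = []
    if not doc.get("client_id"):
        problems.append("client_id is missing")
    if "client_secret" in doc and "client_secret_expires_at" not in doc:
        problems.append("client_secret issued without client_secret_expires_at")
    return problems

# Constructed sample data (not captured from a real server).
SAMPLE_METADATA = {"client_name": "example-client",
                   "redirect_uris": ["https://client.example/callback"],
                   "grant_types": ["authorization_code"]}
GOOD_RESPONSE = json.dumps({"client_id": "abc123", "client_secret": "s3cr3t",
                            "client_secret_expires_at": 0, **SAMPLE_METADATA})
BAD_RESPONSE = json.dumps({"client_id": "abc123", "client_secret": "s3cr3t"})

if __name__ == "__main__":
    headers, body = build_registration_request(SAMPLE_METADATA, "constructed-token")
    print(headers["Authorization"], body)
    print(classify_endpoint(401), check_registration_response(201, BAD_RESPONSE))
```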
Comment From: pkostrzewa
@jgrandja Can I pick this one?
Comment From: jgrandja
Thanks for your interest @pkostrzewa.
This feature is currently on-hold (as indicated in the labels) and will likely not get implemented for a couple months at least.
OpenID Connect 1.0 Client Registration Endpoint spring-projects/spring-authorization-server#57 is the priority at the moment and the work has started in spring-projects/spring-authorization-server#189.
Comment From: uhhhh2
@jgrandja Do I understand the status of this issue correctly?
- Create a registration: OIDC spec RFC Spring Authorization Server issue (done)
- Get a registration: OIDC spec RFC Spring Authorization Server issue (done)
- Update a registration: RFC Unable to find Spring Authorization Server issue (probably not started yet?)
- Delete a registration: RFC Unable to find Spring Authorization Server issue (probably not started yet?)
Comment From: jgrandja
@uhhhh2 Yes, the first 2 items are completed.
The last 2 items refer to RFC 7592 OAuth 2.0 Dynamic Client Registration Management Protocol, which does not have any tickets open at the moment. And would be a low priority item anyway, as we have many more features that still need to be built that are high priority.
This specific ticket addresses RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol, which is on-hold and is a low priority item as well.
Comment From: aphalke
@jgrandja Can you please let us know the tentative release in which we will get this? And what would be the alternative way, as of now, to register the client dynamically? Thanks in advance, Atul.
Comment From: jgrandja
@aphalke OpenID Connect 1.0 Client Registration Endpoint has been implemented for a while now.
Comment From: proyupgrade
@jgrandja Do I understand the status of this issue correctly?
- Create a registration: OIDC spec RFC Spring Authorization Server issue (done)
- Get a registration: OIDC spec RFC Spring Authorization Server issue (done)
- Update a registration: RFC Unable to find Spring Authorization Server issue (probably not started yet?)
- Delete a registration: RFC Unable to find Spring Authorization Server issue (probably not started yet?)
@jgrandja Do you guys have any update regarding the "client registration update" feature? We're looking at possibly creating our own converter to achieve this, but wanted to know first if the feature was on your short-term roadmap.
Thanks.
Comment From: jgrandja
@proyupgrade The "Update a registration" feature is not on the roadmap. I'm not sure when it will be implemented as there are a few higher priority items ahead.
Comment From: oracle-fusion-middleware-team
Now do we have DCR and DCR-M fully implemented (the "Update a registration" )? @jgrandja Just to confirm before implementing my own..
Comment From: jgrandja
@oracle-fusion-middleware-team No it's not implemented. FYI, you can see the current feature list here.
Comment From: oracle-fusion-middleware-team
Thanks for the info Joe, I'll go ahead and implement my own.
Comment From: Suvink
@oracle-fusion-middleware-team were you able to implement a workaround for update registrations?
Comment From: oracle-fusion-middleware-team
@Suvink Nope, we eventually decided not to use dynamic registrations...
Comment From: dciarniello
I've added my vote to this not for the basic dynamic registration but for the dynamic client registration management (RFC 7592).
Comment From: johansja
Any plan to support this? Looking forward to using Spring Authorization Server to support MCP Server Authorization.
Using the inspector against the server is showing this
My guess is that registration_endpoint is only added to openid-configuration endpoint and not the oauth-authorisation-server endpoint.
Comment From: jgrandja
We are planning on implementing this along with any other features needed for MCP Server Authorization support. We're in the planning stages now so please stay tuned.
Comment From: Kehrlann
Implementation note: RFC7591 mandates that "open registration" should be supported.
Comment From: jgrandja
This issue was transferred from spring-projects/spring-authorization-server#2195