MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix (#2966)
* OAuth 2.0 Dynamic Registration MSC
* contacts is required non-empty
* Make client_uri mandatory
* Rework MSC
- makes some metadata optional
- better explain how each metadata field is used
- better explain what the restrictions on redirect_uris are
- remove the signed metadata part
- mention the client metadata JSON document alternative
* Mention the `token_endpoint_auth_method` client metadata
* Update proposals/2966-oauth2-dynamic-registration.md
Co-authored-by: Tonkku <4409524+tonkku107@users.noreply.github.com>
* State that the homeserver should display the tos_uri and policy_uri
* Make the wording for the refresh token clearer
* Clarify that native callbacks with no slashes are allowed
* Give an example where the server ignores an unsupported grant type
* Add security considerations
* must -> MUST, should -> SHOULD, may -> MAY
* Clarify the client should store the client_id
* Simplify definition of client_uri, already covered by the RFC
* Explain the point of the MSC earlier
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove empty section
* Explicitly state that the client_uri is required
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix the web/native client sub-sub-sub sections
* Clarify the localhost port-less redirect URIs
* The server should return a 201 on successful registration
* Explain better the restrictions on URIs
* Allow custom ports in the redirect URI
* Client regs won't grow exponentially
* Explain how to mitigate the problem of client registrations growing over time.
* Add missing metadata in the dynamic registration response
* Make 'metadata localization' its own sub-sub-sub-sub-section
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Server may still deduplicate registrations
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Suggest different strategies to mitigate the growing number of client registrations
* Let the server delete client registrations that have no active sessions
* Really, should MUST do a new client reg
* Make sure the summary doesn't sound authoritative
* Put the links at the end of the file
* Explain what is Matrix-specific, what is not
---------
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
Co-authored-by: Tonkku <4409524+tonkku107@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>