oauth2.dev

client_id

IESG

Registry Context

`client_id` is the required OAuth 2.0 client identifier returned in a successful dynamic client registration response.

Technical Summary

RFC 7591 defines `client_id` as a REQUIRED client information response member containing an OAuth 2.0 client identifier string. It SHOULD NOT be currently valid for another registered client, although the authorization server MAY issue the same identifier to multiple instances of a registered client.

When Used

In the client information response returned by the dynamic client registration endpoint.

Normative Requirements

Authorization servers

REQUIRED
1
  1. RFC 7591 - Section 3.2.1

    include `client_id` as an OAuth 2.0 client identifier string in the client information response..

    Condition: when returning a client information response

    client_id REQUIRED.

SHOULD NOT
1
  1. RFC 7591 - Section 3.2.1

    make the `client_id` currently valid for any other registered client..

    Condition: when assigning a `client_id`

    It SHOULD NOT be currently valid for any other registered client

MAY
1
  1. RFC 7591 - Section 3.2.1

    issue the same client identifier to multiple instances of a registered client..

    Condition: at its discretion

    an authorization server MAY issue the same client identifier to multiple instances of a registered client

Validation Guidance

error

Reject or flag a client information response that omits `client_id`.

warning

Warn if a `client_id` is currently valid for another registered client, unless it is shared among multiple instances of the same registered client.

info

Allow an authorization server to issue the same `client_id` to multiple instances of a registered client.

Reference

Details

Entry Id
client_id
Client Metadata Name
client_id
Client Metadata Description
Client identifier
Change Controller
IESG
Reference
RFC7591