client_ id
Registry Context
`client_id` is the required OAuth 2.0 client identifier returned in a successful dynamic client registration response.
Technical Summary
RFC 7591 defines `client_id` as a REQUIRED client information response member containing an OAuth 2.0 client identifier string. It SHOULD NOT be currently valid for another registered client, although the authorization server MAY issue the same identifier to multiple instances of a registered client.
When Used
In the client information response returned by the dynamic client registration endpoint.
Normative Requirements
Authorization servers
RFC 7591 - Section 3.2.1
include `client_id` as an OAuth 2.0 client identifier string in the client information response..
Condition: when returning a client information response
client_id REQUIRED.
RFC 7591 - Section 3.2.1
make the `client_id` currently valid for any other registered client..
Condition: when assigning a `client_id`
It SHOULD NOT be currently valid for any other registered client
RFC 7591 - Section 3.2.1
issue the same client identifier to multiple instances of a registered client..
Condition: at its discretion
an authorization server MAY issue the same client identifier to multiple instances of a registered client
Validation Guidance
Reject or flag a client information response that omits `client_id`.
Warn if a `client_id` is currently valid for another registered client, unless it is shared among multiple instances of the same registered client.
Allow an authorization server to issue the same `client_id` to multiple instances of a registered client.
Reference
Details
- Entry Id
client_id - Client Metadata Name
client_id - Client Metadata Description
Client identifier- Change Controller
IESG- Reference
RFC7591