IdentityServer 6.3 and Dynamic Client Registration
The second main feature of IdentityServer v6.3 is support for the Dynamic Client Registration (DCR) protocol.
This is part of our ongoing journey to implement all relevant protocols from the OAuth and OpenID Connect working groups, and also the start of a bigger effort to add programmatic configuration capabilities to IdentityServer.
DCR consists of a base specification (RFC 7591) and various add-ons that define additional client metadata elements. The most notable are the OpenID Connect additions, but almost every other spec has added some elements to DCR.
The snippet below shows how to use IdentityModel to register a new client for machine-to-machine communication:
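    using IdentityModel.Client;

    var client = new HttpClient();

    // Registration request for a client that only uses client_credentials
    var request = new DynamicClientRegistrationRequest
    {
        Address = Constants.Authority + "/connect/dcr",
        Document = new()
        {
            GrantTypes = { "client_credentials" },
            Scope = "api1 api2"
        }
    };

    var response = await client.RegisterClientAsync(request);

    // Check for a failed registration before reading the credentials
    if (response.IsError) throw new Exception(response.Error);

    // The server issues the client ID and secret; store the secret securely
    var clientId = response.ClientId;
    var clientSecret = response.ClientSecret;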
IdentityServer 6.3 has built-in support for a subset of the client metadata found in the RFC and satellite specs, and a rich extensibility model for adding support for additional elements or custom logic, as well as custom authentication and authorization.
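As an illustration of the kind of custom logic a registration endpoint may need, here is an added example (not code from the original post or from IdentityServer) of a stand-alone policy check over an RFC 7591 registration document. The allow-lists, the `Validate` helper and the sample documents are assumptions made for this example, and the check is not wired into IdentityServer's extensibility API.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Hypothetical policy (not an IdentityServer API): machine-to-machine clients only.
var allowedGrantTypes = new HashSet<string> { "client_credentials" };
var allowedScopes = new HashSet<string> { "api1", "api2" };

// Returns the reasons a registration document is rejected; empty means accepted.
List<string> Validate(string json)
{
    var errors = new List<string>();
    using var doc = JsonDocument.Parse(json);
    var root = doc.RootElement;
    if (root.ValueKind != JsonValueKind.Object) { errors.Add("document must be a JSON object"); return errors; }

    // RFC 7591: an omitted grant_types defaults to authorization_code,
    // so this policy requires the client to state it explicitly.
    if (!root.TryGetProperty("grant_types", out var grants) || grants.ValueKind != JsonValueKind.Array || grants.GetArrayLength() == 0)
        errors.Add("grant_types must be a non-empty array");
    else
        foreach (var g in grants.EnumerateArray())
            if (g.ValueKind != JsonValueKind.String || !allowedGrantTypes.Contains(g.GetString() ?? ""))
                errors.Add($"grant type not allowed: {g}");

    // RFC 7591: scope is one space-separated string; if omitted the server may
    // assign defaults, so this policy requires it and checks every value.
    var scopes = root.TryGetProperty("scope", out var scope) && scope.ValueKind == JsonValueKind.String
        ? (scope.GetString() ?? "").Split(' ', StringSplitOptions.RemoveEmptyEntries)
        : Array.Empty<string>();
    if (scopes.Length == 0)
        errors.Add("scope must be a non-empty string");
    foreach (var s in scopes)
        if (!allowedScopes.Contains(s))
            errors.Add($"scope not allowed: {s}");

    // A client_credentials-only client never redirects, so redirect_uris is rejected.
    if (root.TryGetProperty("redirect_uris", out _))
        errors.Add("redirect_uris not allowed for machine-to-machine clients");
    return errors;
}

// Constructed samples: the request from the snippet above, then an over-broad one.
var samples = new[]
{
    "{\"grant_types\":[\"client_credentials\"],\"scope\":\"api1 api2\"}",
    "{\"grant_types\":[\"authorization_code\"],\"scope\":\"api1 admin\",\"redirect_uris\":[\"https://client.example/cb\"]}"
};
foreach (var reasons in samples.Select(Validate))
    Console.WriteLine(reasons.Count == 0 ? "accept" : "reject: " + string.Join("; ", reasons));
```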
The client registration endpoint is our first step towards a more complete programmatic configuration feature. For example, we will look into the Dynamic Client Registration Management protocol (RFC 7592) and also see if we can apply those patterns for registering scopes and resources in the future.