
features.registrationManagement

RFC7592 - OAuth 2.0 Dynamic Client Registration Management Protocol

Specifies whether Dynamic Client Registration Management capabilities shall be enabled. When enabled, the authorization server shall expose Update and Delete operations as defined in RFC 7592, allowing clients to modify or remove their registration entries using Registration Access Tokens for client lifecycle management operations.

default value:

  {
    enabled: false,
    rotateRegistrationAccessToken: true
  }
features.registrationManagement options details

rotateRegistrationAccessToken

Specifies whether registration access token rotation shall be enabled as a security policy for client registration management operations. When token rotation is active, the authorization server shall discard the current Registration Access Token upon successful update operations and issue a new token, returning it to the client with the Registration Update Response.

Supported values include:

  • false - Registration access tokens shall not be rotated and remain valid after use
  • true - Registration access tokens shall be rotated when used for management operations
  • Function - A function that shall be invoked to dynamically determine whether rotation should occur based on request context and authorization server policy

default value:

true

Example: Dynamic token rotation policy implementation.

  {
    features: {
      registrationManagement: {
        enabled: true,
        async rotateRegistrationAccessToken(ctx) {
          // Decide per request whether the current token is replaced, e.g.:
          // return tokenRecentlyRotated(ctx.oidc.entities.RegistrationAccessToken);
          // or
          // return customClientBasedPolicy(ctx.oidc.entities.Client);
          return true; // fall back to the default behaviour: always rotate
        }
      }
    }
  }
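A concrete policy of the kind the sketch above leaves open, written here as an added example rather than code from the provider's own documentation. It assumes the RegistrationAccessToken entity exposes `iat` (issue time in seconds since the epoch) and the Client entity exposes `clientId`; the exempt client id is a placeholder.

```javascript
// Added example (not the provider's own code). Assumes
// ctx.oidc.entities.RegistrationAccessToken has `iat` (seconds since epoch)
// and ctx.oidc.entities.Client has `clientId`.

// Pure decision: rotate unless the client is exempt or the current token was
// issued less than `minInterval` seconds ago. The interval keeps a client from
// locking itself out when it retries an update after losing the response that
// carried the freshly rotated token.
function shouldRotate({ token, client, minInterval, exemptClients, nowSeconds }) {
  if (client && exemptClients.has(client.clientId)) return false;
  if (token && Number.isInteger(token.iat) && nowSeconds - token.iat < minInterval) return false;
  return true;
}

// Builds the async policy function the configuration option accepts.
function makeRotationPolicy({
  minInterval = 60,
  exemptClients = new Set(),
  now = () => Math.floor(Date.now() / 1000),
} = {}) {
  return async function rotateRegistrationAccessToken(ctx) {
    const { RegistrationAccessToken: token, Client: client } = ctx.oidc.entities;
    return shouldRotate({ token, client, minInterval, exemptClients, nowSeconds: now() });
  };
}

// Constructed sample context mirroring ctx.oidc.entities during a management request.
function sampleCtx(iat, clientId) {
  return { oidc: { entities: { RegistrationAccessToken: { iat, clientId }, Client: { clientId } } } };
}

// Wiring into the feature configuration; the exempt client id is a placeholder.
const configuration = {
  features: {
    registrationManagement: {
      enabled: true,
      rotateRegistrationAccessToken: makeRotationPolicy({
        minInterval: 60,
        exemptClients: new Set(['placeholder-client-without-token-storage']),
      }),
    },
  },
};
```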