Dynamic Client Registration
Dynamic client registration is an OAuth 2.0 protocol that lets a client register itself with an authorization server programmatically at runtime, receiving its client identifier and credentials through an API instead of manual configuration.
Also: DCR
Dynamic client registration replaces manual onboarding with an API call. A new application sends a registration request describing itself, including its redirect URIs and the grant types it intends to use, and the authorization server responds with a client identifier and, where applicable, a client secret.
Without this protocol, every application that wants to use an authorization server has to be configured by hand in advance. Dynamic registration makes the relationship self-service, which matters when the set of clients is large, changing, or not known ahead of time.
The protocol is paired with registration access tokens that let a client read and update its own registration later. Servers typically gate registration behind an initial access token or policy controls to prevent unrestricted self-registration.
For CIAM and open ecosystems, dynamic client registration supports models where many third-party or partner applications connect to a platform, such as open banking, by letting them onboard through an API rather than a ticket queue.
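The server side of the registration exchange and the gating described above can be sketched as follows. This is an added example, not code from RFC 7591 or from any particular authorization server; the token value, the endpoint URL, the function names and the HTTPS-only redirect policy are assumptions, while the metadata fields and error codes are those defined in RFC 7591 and RFC 7592.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample policy values; a real server loads these from its own store.
INITIAL_ACCESS_TOKENS = ("example-initial-access-token",)
ALLOWED_GRANT_TYPES = ("authorization_code", "refresh_token")
REGISTRATION_BASE = "https://as.example.com/register/"  # hypothetical endpoint

def _error(code, description):
    return 400, {"error": code, "error_description": description}

def _redirect_uri_ok(uri):
    # Policy assumption: exact HTTPS URIs only, no fragment, no wildcard.
    if not isinstance(uri, str) or "*" in uri:
        return False
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname) and not parts.fragment

def register_client(metadata, bearer_token):
    """Gate on the initial access token, validate metadata, return (status, body)."""
    presented = (bearer_token or "").encode()
    if not any(hmac.compare_digest(presented, t.encode()) for t in INITIAL_ACCESS_TOKENS):
        return 401, {"error": "invalid_token"}
    uris = metadata.get("redirect_uris")
    if not isinstance(uris, list) or not uris or not all(map(_redirect_uri_ok, uris)):
        return _error("invalid_redirect_uri", "need exact https redirect URIs")
    grants = metadata.get("grant_types", ["authorization_code"])  # RFC 7591 default
    if not isinstance(grants, list) or not all(g in ALLOWED_GRANT_TYPES for g in grants):
        return _error("invalid_client_metadata", "grant type not permitted")
    auth_method = metadata.get("token_endpoint_auth_method", "client_secret_basic")
    if auth_method not in ("client_secret_basic", "none"):
        return _error("invalid_client_metadata", "auth method not permitted")
    client_id = secrets.token_urlsafe(16)
    body = {
        "client_id": client_id,
        "redirect_uris": uris,
        "grant_types": grants,
        "token_endpoint_auth_method": auth_method,
        # RFC 7592 management credentials for this one registration.
        "registration_access_token": secrets.token_urlsafe(32),
        "registration_client_uri": REGISTRATION_BASE + client_id,
    }
    if auth_method != "none":  # public clients receive no secret
        body["client_secret"] = secrets.token_urlsafe(32)
        body["client_secret_expires_at"] = 0  # 0 = does not expire
    return 201, body
```

The function expects the request body already parsed into a JSON object and the bearer value already extracted from the Authorization header.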
Sources
- IETF RFC 7591, OAuth 2.0 Dynamic Client Registration Protocol: https://datatracker.ietf.org/doc/html/rfc7591
Standards
- IETF RFC 7591