[mitreid-connect] How is enabled the trust between an openID client and the mitreid-connect server?

[Michael Furman]

Hi all,
I have launched the openid-connect-server-webapp server and the demo client (simple-web-app).

I see that during the dynamical registration the client registered with the random client secret (For the example
JqnXxNQzuAIg1qR0EZXS3WKfdKmvcKowlrIMQ0E8bDXrjRJjZA5nSJTxAeGlAaKVNQ9Qv3zoEUzhYSJyLJeFHg)

1) How the secret passed from the server to the client?
2) According to my understanding it is shared secret (i.e. the symmetric encryption).

Is it possible to use the asymmetric encryption to enable the trust between the openID client and the mitreid-connect server?

Thank you in advance for your help.

Best regards,
   Michael


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20160824/3ca1a903/attachment.html