<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">By default, simple-web-app is set up to use dynamic client registration:<div class=""><br class=""></div><div class=""><a href="https://tools.ietf.org/html/rfc7591" class="">https://tools.ietf.org/html/rfc7591</a></div><div class=""><br class=""></div><div class="">The server generates an ID and secret and hands them to the client as part of this protocol. This is not using symmetric encryption or symmetric signatures.</div><div class=""><br class=""></div><div class="">It is possible to use asymmetric signatures to authenticate the client, but the client needs to register its JWK value or JWK Set URI with the server to do so.</div><div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 24, 2016, at 9:15 AM, Michael Furman <<a href="mailto:michael_furman@hotmail.com" class="">michael_furman@hotmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div id="divtagdefaultwrapper" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif;" class=""><p style="margin-top: 0px; margin-bottom: 0px;" class=""></p><div class=""><div style="margin-top: 0px; margin-bottom: 0px;" class="">Hi all,<br class=""></div><div style="margin-top: 0px; margin-bottom: 0px;" class="">I have launched the openid-connect-server-webapp server and the demo client (simple-web-app).</div><div style="margin-top: 0px; margin-bottom: 0px;" class=""><br class="">I see that during the dynamic 
registration the client registered with the random client secret (for example<span class="Apple-converted-space"> </span><br class="">JqnXxNQzuAIg1qR0EZXS3WKfdKmvcKowlrIMQ0E8bDXrjRJjZA5nSJTxAeGlAaKVNQ9Qv3zoEUzhYSJyLJeFHg)</div><p class="MsoNormal" style="margin-top: 0px; margin-bottom: 0px;"> </p><div style="margin-top: 0px; margin-bottom: 0px;" class="">1) How is the secret passed from the server to the client?</div><div style="margin-top: 0px; margin-bottom: 0px;" class="">2) According to my understanding it is a shared secret (i.e. symmetric encryption).</div><p class="MsoNormal" style="margin-top: 0px; margin-bottom: 0px;"> </p><div style="margin-top: 0px; margin-bottom: 0px;" class="">Is it possible to use asymmetric encryption to enable trust between the OpenID client and the<span class="rphighlightallclass"><span class="Apple-converted-space"> </span>mitreid-connect</span><span class="Apple-converted-space"> </span>server?</div><p class="MsoNormal" style="margin-top: 0px; margin-bottom: 0px;"> </p><div style="margin-top: 0px; margin-bottom: 0px;" class="">Thank you in advance for your help.</div><p class="MsoNormal" style="margin-top: 0px; margin-bottom: 0px;"> </p><div style="margin-top: 0px; margin-bottom: 0px;" class="">Best regards,</div><div style="margin-top: 0px; margin-bottom: 0px;" class=""><span class=""> <span class="Apple-converted-space"> </span></span>Michael</div><p class="MsoNormal" style="margin-top: 0px; margin-bottom: 0px;"> </p></div><br class=""><p style="margin-top: 0px; margin-bottom: 0px;" class=""></p></div><br 
class=""></div></blockquote></div><br class=""></div></body></html>
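The two registration modes discussed in this thread, as an added example that is not part of the original e-mails or of the MITREid Connect code: a check over RFC 7591 registration metadata that tells shared-secret client authentication from `private_key_jwt` and verifies that only public JWK material is being registered. The sample requests, redirect URI, `kid` and key values are constructed placeholders.

```python
# Added example; all sample metadata below is constructed for illustration.

# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Methods where client and server share the server-issued client_secret.
SECRET_METHODS = {"client_secret_basic", "client_secret_post", "client_secret_jwt"}
DEFAULT_METHOD = "client_secret_basic"  # RFC 7591 default when the field is omitted


def uses_shared_secret(metadata):
    """True if the client will authenticate with the issued client_secret."""
    return metadata.get("token_endpoint_auth_method", DEFAULT_METHOD) in SECRET_METHODS


def check_registration(metadata):
    """Return a list of problems found in a registration request body."""
    problems = []
    method = metadata.get("token_endpoint_auth_method", DEFAULT_METHOD)
    has_jwks, has_uri = "jwks" in metadata, "jwks_uri" in metadata
    if has_jwks and has_uri:
        problems.append("jwks and jwks_uri must not both be present")
    if method == "private_key_jwt" and not (has_jwks or has_uri):
        problems.append("private_key_jwt needs jwks or jwks_uri")
    # The server only ever needs the public half of the client's key pair.
    for key in metadata.get("jwks", {}).get("keys", []):
        leaked = sorted(PRIVATE_JWK_MEMBERS.intersection(key))
        if leaked:
            problems.append(f"key {key.get('kid')!r} exposes private members {leaked}")
    return problems


REDIRECT = ["https://client.example.org/callback"]  # constructed
PUBLIC_JWK = {"kty": "RSA", "kid": "demo-1", "e": "AQAB", "n": "PLACEHOLDER-MODULUS"}

# Default behaviour described in the thread: the server issues id + secret.
SECRET_REQUEST = {"redirect_uris": REDIRECT}
# Asymmetric client authentication: the client registers its public JWK.
JWT_REQUEST = {"redirect_uris": REDIRECT,
               "token_endpoint_auth_method": "private_key_jwt",
               "jwks": {"keys": [PUBLIC_JWK]}}
# Misconfiguration: private exponent included, and both key sources given.
BAD_REQUEST = {"redirect_uris": REDIRECT,
               "token_endpoint_auth_method": "private_key_jwt",
               "jwks": {"keys": [dict(PUBLIC_JWK, d="PLACEHOLDER-PRIVATE")]},
               "jwks_uri": "https://client.example.org/jwks.json"}

if __name__ == "__main__":
    for name, req in [("secret", SECRET_REQUEST), ("jwt", JWT_REQUEST), ("bad", BAD_REQUEST)]:
        print(name, uses_shared_secret(req), check_registration(req))
```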