Regarding our conversation yesterday for OAuth and API aggregation, I mentioned that while working on PSD2/Open Banking we've been doing similar, for instance with a third party who would register on behalf of a fourth party. I've tracked down https://bitbucket.org/openid/obuk/src/6b4300bdc872dd55573f3ce9c65b66ada640efaf/uk-openbanking-registration-profile.md as the definition for the way this works with the use of new fields in the Signed Software Assertions (for use with https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1078034771/Dynamic+Client+Registration+-+v3.1). It may be worth reaching out to OpenID/Open Banking to see if they've got this officially specified about this, or whether this is the latest source of truth you can use Hope this helps with your hope to standardise this into an OAuth spec!
This was published using https://micropublish.net.
This post was filed under replies.