oidc-provider.registration

Dynamic client registration per RFC 7591 and client configuration management per RFC 7592.

Provides handle-registration-request for processing client registration requests, handle-client-read for reading client configuration, handle-client-update for replacing client metadata, and handle-client-delete for deregistration. Accepts keyword maps and converts them to kebab-case for internal storage via oidc-provider.protocol/ClientStore.

handle-client-delete

(handle-client-delete store client-id access-token)

Handles RFC 7592 §2.3 client delete (deregistration) requests.

Takes the store, client-id, and bearer access-token. Authenticates the request and removes the client from the store. Returns nil on success. Throws ex-info with "invalid_token" on auth failure.

handle-client-read

(handle-client-read store client-id access-token)

Handles RFC 7592 client read requests.

Takes the store implementing oidc-provider.protocol/ClientStore, client-id, and the bearer access-token presented by the caller. Returns the client configuration map if the token is valid. Throws ex-info with "invalid_token" when the client is unknown or the token does not match.

handle-client-update

(handle-client-update store client-id access-token request)

Handles RFC 7592 §2.2 client update requests.

Takes the store, client-id, bearer access-token, and the updated metadata request map with keyword keys. The request is a full replacement of mutable metadata; immutable fields (client_id, client_secret, registration_access_token) are ignored per RFC 7592 §2.2. Returns the updated client configuration map. Throws ex-info with "invalid_token" on auth failure or "invalid_client_metadata" on validation errors.

handle-registration-request

(handle-registration-request request client-store)
(handle-registration-request request client-store opts)

Processes a dynamic client registration request per RFC 7591.

Takes a request map with keyword keys, a client-store implementing oidc-provider.protocol/ClientStore, and an optional opts map. The opts map supports :clock (a java.time.Clock, defaults to UTC) for generating client_id_issued_at, and :registration-endpoint (a base URL string) for constructing registration_client_uri per RFC 7592.

Throws ex-info with the message "invalid_client_metadata" on validation errors.

RegistrationRequest

Malli schema for an RFC 7591 client registration request.

RegistrationResponse

Malli schema for an RFC 7591 client registration response.
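The following is an added example, not code from oidc-provider: a Ring handler that exposes handle-client-read, handle-client-update and handle-client-delete as an RFC 7592 client configuration endpoint and maps the documented ex-info failures to HTTP status codes. It assumes the error code is the exception message (as stated for handle-registration-request), that `store` implements oidc-provider.protocol/ClientStore, and that JSON middleware decodes the request body into `:body-params` and encodes response bodies; the namespace `example.registration-routes` and all function names in it are hypothetical.

```clojure
(ns example.registration-routes
  ;; Added example: Ring glue around oidc-provider.registration.
  (:require [oidc-provider.registration :as reg]))

(def no-store {"Cache-Control" "no-store"})

(def unauthorized
  ;; RFC 7592: unknown client or bad registration access token -> 401.
  {:status 401
   :headers (assoc no-store "WWW-Authenticate" "Bearer error=\"invalid_token\"")})

(defn bearer-token
  "Returns the token from an `Authorization: Bearer <token>` header, or nil."
  [ring-request]
  (some->> (get-in ring-request [:headers "authorization"])
           (re-matches #"(?i)bearer +(\S+)")
           second))

(defn error-response
  "Maps the documented ex-info messages to HTTP responses; rethrows others."
  [e]
  (case (ex-message e)
    "invalid_token" unauthorized
    "invalid_client_metadata" {:status 400 :headers no-store
                               :body {:error "invalid_client_metadata"}}
    (throw e)))

(defn configuration-handler
  "Client configuration endpoint (GET/PUT/DELETE). `client-id` comes from the
  route; `:body-params` is assumed to hold the decoded JSON body."
  [store client-id ring-request]
  (if-let [token (bearer-token ring-request)]
    (try
      (case (:request-method ring-request)
        :get    {:status 200 :headers no-store
                 :body (reg/handle-client-read store client-id token)}
        :put    {:status 200 :headers no-store
                 :body (reg/handle-client-update store client-id token
                                                 (:body-params ring-request))}
        :delete (do (reg/handle-client-delete store client-id token)
                    {:status 204 :headers no-store})
        {:status 405 :headers {"Allow" "GET, PUT, DELETE"}})
      (catch clojure.lang.ExceptionInfo e
        (error-response e)))
    ;; No bearer token: reject before touching the store.
    unauthorized))
```

Because handle-client-read reports an unknown client and a mismatched token with the same "invalid_token" error, the endpoint returns an identical 401 in both cases and does not reveal which client IDs exist.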