Connect to stricter OAuth providers with outbound CIMD support
Remote session OAuth now works with identity providers that require Client ID Metadata Documents (CIMD), so organizations with stricter upstream authorization servers can register outbound clients without a shared secret.
Features
Outbound CIMD support for remote session OAuth#3706 - Create a
in CIMD mode: Gram generates the client ID, hosts a public client metadata document, and sends that URL as the client ID on every outbound authorize, token, and refresh call, with no symmetric secret required. Issuer discovery now detects CIMD support automatically, which gates the new option, and the client and issuer views surface the metadata URL and support status. (Author: @bflad)