Dynamic Client Registration (DCR) FAQs
IMPORTANTThis document provides high overview answers for frequently asked questions about the Adobe Pass Authentication Dynamic Client Registration (DCR) adoption.
For more information about the Dynamic Client Registration (DCR) overall, see the Dynamic Client Registration Overview documentation.
General FAQs
Start with this section if you are working on an application that needs to integrate the Dynamic Client Registration (DCR), whether it is a new application or an existing one that migrates from one of the previous mechanisms.
REST API V2 Access FAQs
REST API V2 Access FAQs
1. What’s the purpose of the Registration Phase?
The purpose of the Registration Phase is to register the client application against Adobe Pass Authentication through the Dynamic Client Registration (DCR) process.
The Dynamic Client Registration (DCR) process requires the client application to obtain a pair of client credentials and retrieve an access token as the end goal of the Registration Phase.
For more information, refer to the Dynamic Client Registration Overview documentation.
2. Is the Registration Phase mandatory?
The Registration Phase is mandatory, but the client application can skip this phase if it has a cached pair of client credentials and an access token that are still valid.
3. What’s a software statement and how long is it valid?
The software statement is a term defined in the Glossary documentation.
The software statement consists of a JSON Web Token (JWT) that can be generated and downloaded from the Adobe Pass TVE Dashboard by one of your organization administrators or by an Adobe Pass Authentication representative acting on your behalf.
The software statement is valid for an unlimited timeframe, but you may choose to ask an Adobe Pass Authentication representative to revoke it at any time.
The client application must store the software statement and use it when needing to retrieve client credentials.
For more details, refer to the Dynamic Client Registration Overview documentation.
4. How to generate and download a software statement?
This operation can be completed through the Adobe Pass TVE Dashboard by one of your organization administrators or by an Adobe Pass Authentication representative acting on your behalf.
For more details, refer to the TVE Dashboard Channels User Guide or TVE Dashboard Programmers User Guide documentation.
5. What happens if a software statement is revoked?
When the software statement is revoked, there is one important consequence to consider:
- The client applications using the revoked software statement will no longer be able to go through the entitlement flows, meaning that users will get blocked from playing content.
6. What are client credentials and how long are they valid?
The client credentials are a term defined in the Glossary documentation.
The client credentials consist of a client identifier and client secret pair that can be retrieved from the Client Register endpoint.
The client credentials are valid for an unlimited timeframe.
The client application must store the client credentials and use them indefinitely when needing to retrieve an access token.
For more information, refer to the Retrieve client credentials documentation.
7. How to manage client credentials?
We recommend the client application to manage a unique pair of client credentials for each user application instance in case of both client-to-server and server-to-server integrations with Adobe Pass Authentication.
8. Should the client application cache client credentials in a persistent storage?
The client application must store the client credentials and use them indefinitely when needing to retrieve an access token.
9. What happens if cached client credentials are lost?
When cached client credentials are lost, there are three important consequences to consider:
- The client application must obtain a new pair of client credentials.
- The client application must obtain a new access token using the new pair of client credentials.
- The client application will need to ask the user to re-authenticate, as the client application will lose access to the authenticated profiles obtained before.
10. What’s an access token and how long is it valid?
The access token is a term defined in the Glossary documentation.
The access token consists of a bearer token that can be retrieved from the Client Token endpoint.
The access token is valid for a limited and short timeframe specified at the moment of issue.
The client application must store the access token and use it until it expires when targeting REST API V2.
The client application must obtain a new access token before the current one expires to prevent unauthorized requests.
For more information, refer to the Retrieve access token documentation.
11. Should the client application cache the access token in a persistent storage?
The client application must store and use the access token until it expires, then discard it and obtain a new one.
12. How can the client application refresh an access token?
The client application must refresh an access token the same way as retrieving a new access token, but using cached client credentials.
The client application must not re-register to refresh an access token, instead it must use the stored client credentials, otherwise users would be required to re-authenticate.
For more information, refer to the Retrieve access token documentation.