Thanks for reporting this. Quite honestly, the Dynamic Client Registration feature is not used much, so I’m guessing no one encountered this problem before.
I agree that both cases should be covered and I’ve added an internal feature request to our Product team. I can’t promise any quick outcomes on this (it will depend on prioritization of other items in the roadmap), so hopefully you can provide some kind of override in Anypoint both to convince it that the server will accept client credentials, and not to send the response_types in the payload for now.
1 Like