I've elaborated a little more on the DCR topic.
OPTIONAL. The client is pre-registered at the AS-RO as a public client – this is recommended for Single Page Applications.
If the client has been pre-registered at the RO's AS as a public client, then after the protected dynamic registration, the client is registered twice, both as a public and at the same time as a confidential client. When communicating with the AS, the client uses the registration that is more secure. If the client is a Single Page Application, the confidential registration identifier (nonce) that refers to the client credentials has to be returned from the registration endpoint in the form of a cookie with the HttpOnly and Secure attributes set. If the RqP deletes the cookies or the confidential client registration has been removed from the server, the client may re-register with the RO's AS.
Regards
-Igor