Hi everyone,
Please take a look at https://github.com/uma-email/poc#protected-dynamic-client-registration.
This may solve the single page applications and native applications problem with client secrets. I mean, the client is public with respect to the IdP, and at the same time – after dynamic registration – confidential with respect to the AS.
Regards
-Igor