Systems of record SHALL publish their registration, authorization and token endpoints for discovery in accordance with the SMART App Launch framework section 8.2.
The current Payer-to-Payer design calls for a one time Dynamic Client Registration following OAuth RFC 7591. In the production version of the Payer-to-Payer exchange this registration endpoint will be protected by a Mutual TLS (mTLS) connection. For our Developer portal solution that is not the case. Once registered the system will use the Client ID and Secret that is returned on a successful registration to request a token for access to the member-match operation and initiate data exchange.