The RFC recommends using PKCE for web (public client)/native apps. It’s not stated that Dynamic Client Registration (DCR) is bad, but it’s not stated as an alternative either. I am wondering if there is any negative aspect of the DCR that I am overlooking.
I would say that the biggest difference between the two is the fact that PKCE is much easier to implement with less bookkeeping while offering about the same protections as DCR.
Looking through the use cases defined in the DCR specification, it looks like the use case of native app or SPA app is included.
Is there a reason why it is not included in the best practices? Which use case is ideal to use the DCR?