
When to create client id and secret for an API, during Login or Registration?


I am creating an API and there are multiple clients, so I am implementing a client id-secret architecture. My questions are:

  • When should I create the client id and secret? During registration or login?
  • How should I connect users to respective client ids?
  • How should I store client ids and secret?

Solution

    • The client id and secret (client credentials in OAuth2) are used to communicate between server and server (because the secret key is stored on the web server, where it is secure from anyone who wants to access it without permission); for a user-facing web app I recommend you use the authorization code flow.
    • Each client has a client id (unique per resource).
    • Store them in a table with client id, password (encoded by md5, ...), role, scope, ... and use it to verify, then create a new token for the client. The client will use the token to request your API; just use the secret when it needs to refresh the token or create a new one.
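As an added example (not code from the question or the answer above), the flow the answer sketches in Python: a client table holding client id, hashed secret, role and scope, a verify step that issues a token, and API calls that carry only the token. The in-memory dict standing in for the table, the PBKDF2 hashing of the stored secret and the `ClientRegistry` name are my assumptions.

```python
import hashlib, hmac, os, secrets, time
from dataclasses import dataclass

def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Only the salted hash is stored; the plaintext secret is never kept server-side.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class ClientRecord:
    client_id: str
    salt: bytes
    secret_hash: bytes
    role: str
    scopes: frozenset

class ClientRegistry:
    """In-memory stand-in for the client table the answer describes (constructed example)."""

    def __init__(self) -> None:
        self._clients: dict[str, ClientRecord] = {}
        self._tokens: dict[str, tuple[str, float]] = {}  # token -> (client_id, expiry)

    def register_client(self, role: str, scopes) -> tuple[str, str]:
        # Done once, when the client application is onboarded, not on every user login.
        client_id = secrets.token_urlsafe(16)
        secret = secrets.token_urlsafe(32)  # shown once to the operator; only its hash is kept
        salt = os.urandom(16)
        self._clients[client_id] = ClientRecord(
            client_id, salt, _hash_secret(secret, salt), role, frozenset(scopes))
        return client_id, secret

    def issue_token(self, client_id: str, secret: str, ttl: int = 3600, now=None):
        # The client presents id + secret; on a match it receives a short-lived bearer token.
        rec = self._clients.get(client_id)
        if rec is None or not hmac.compare_digest(_hash_secret(secret, rec.salt), rec.secret_hash):
            return None  # unknown client or wrong secret: same answer either way, nothing leaked
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (client_id, (now if now is not None else time.time()) + ttl)
        return token

    def authorize(self, token: str, scope: str, now=None) -> bool:
        # API requests carry the token, never the secret; check expiry, then scope.
        entry = self._tokens.get(token)
        if entry is None:
            return False
        client_id, expiry = entry
        if (now if now is not None else time.time()) >= expiry:
            del self._tokens[token]  # expired tokens are dropped; the client must re-authenticate
            return False
        return scope in self._clients[client_id].scopes
```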