spring-security spring-authorization-server

Purpose of id and client_id in RegisteredClient


While migrating my company's authorization server from the former Spring Security OAuth2 to the new authorization server project, I recognized that the entity model has changed quite a bit. Especially the reference between the client details (registered client) and the authorization entity (formerly two tables for at and rt) has changed, and the client_id property is not the foreign key anymore. The registered client has a separate primary id property.

So, I am asking if it was intentional to split id and client_id into separate properties and if there are any advantages in doing so which I currently don't see? For simplicity, I think I will use the same identifier for both of these properties, to make it easier for joins and looking into tables, e.g. checking authorizations.

Any other suggestions or opinions I am missing?


Solution

  • I think the most straightforward answer is that the RegisteredClient domain object is intended to be stored in a database (or other data store), where the primary key may be generated by the database itself.

    See this example which generates an id for demonstration purposes.

    You can certainly decide what value goes into that field. If necessary, you can also customize the data model and omit the id if you want client_id to be the PK.
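
An added example (not from the original post or the project's samples) showing how the two identifiers are used with Spring Authorization Server's in-memory repository: `client_id` is the value the OAuth2 client presents, while a stored authorization references the internal `id`. The class name, client name, secret and scope are constructed sample values.

```java
import java.util.UUID;

import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

public class RegisteredClientIdDemo {

    public static void main(String[] args) {
        // Internal primary key: generated here, never sent over the wire.
        String internalId = UUID.randomUUID().toString();

        RegisteredClient client = RegisteredClient.withId(internalId)
                .clientId("reporting-service")      // constructed sample: the protocol-facing identifier
                .clientSecret("{noop}change-me")    // placeholder; store an encoded secret in a real deployment
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("reports.read")
                .build();

        RegisteredClientRepository clients = new InMemoryRegisteredClientRepository(client);

        // Token requests identify the client by client_id.
        RegisteredClient byClientId = clients.findByClientId("reporting-service");

        // The authorization record keeps a reference to the client's id, not its client_id.
        OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(byClientId)
                .principalName("reporting-service")
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .build();

        String reference = authorization.getRegisteredClientId();
        if (!reference.equals(internalId)) {
            throw new IllegalStateException("authorization should reference the internal id");
        }

        // Going from an authorization back to its client therefore uses findById.
        RegisteredClient resolved = clients.findById(reference);
        System.out.println("authorization -> id " + reference
                + " -> client_id " + resolved.getClientId());
    }
}
```

If you set `id` and `client_id` to the same value, as the question proposes, both lookups resolve the same client and the reference stored on the authorization equals the `client_id`.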