spring-boot spring-authorization-server spring-resource-server

What value is usually provided to client_id field in RegisteredClient objects?

What value is usually provided to client_id field in RegisteredClient objects in production? The first thought that comes to my mind is to just use unique integers for each client. But is it really a legitimate approach?..

Solution

The client_id is essentially a unique and a public identifier for OAuth Apps. Even though it's a public identifier, it's best that it shouldn't be guessable by any 3rd parties. Different vendors use different conventions to generate client_ids and the most common practise is to have a 32 character alpha-numeric string. You can read about different conventions here. In most cases, a UUID would be enough for a client_id given that you do not have any special requirements.

How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
Problem with file directory link in amazon s3
WebFluxSecurity does not add Authentication to SecurityContext
WebMvcTest and entitMangerFactory missing reference
Spring Authorization Server: "invalid_client" Error Despite Correct Client Configuration while requesting registration_endpoint
R2DBC: Convert Integer to Boolean for Specific Column in Spring Data Entity
How do I add audience validation using Spring OAuth without needing the issuer?
Multi-Tenant Spring boot web application
CORS in Spring Security (Spring Boot 3)
Illegal base64url character: ' ' when getting claims/decode from token Java JWT Spring Boot
What's wrong that always returns null for the repository and the test fails?
Spring Boot Hibernate 6.6.0 delete TransientObjectException after update
Getting refresh token for gmail API with Spring Security
Task execution is not working after lunching the task in spring cloud data flow
docker-compose up gives 'failed to read dockerfile: error from sender'
Does client credentials flow prevent from concurrent authentication attempts?
Use Keycloak Spring Adapter with Spring Boot 3
Spring Boot with React and Keycloak: redirect to Keycloak's login page fails due to CORS error (no Access-Control-Allow-Origin header set)
Component scan for configuration class could not be used with conditions in REGISTER_BEAN
unit test @Valid of springboot without having to spin up / mock the server
How to call a service from Main application calls Spring Boot?
Extra unnecessary join with filtering and EntityGraph in Spring Data JPA Repository
Spring JBDC bad SQL grammar on PostgreSQL
Test REST APIs on a real server (without localhost )
How can I pass an array of objects in query params in postman for the post request?
perform SpringBoot request validation based on configurable property
Setting cookie from java spring boot rest API to angular
Validate list inside request with springboot against [null]
How to use Spring Security WebAuthn to implement Passkey?