Reputation: 23
What value is usually provided to client_id field in RegisteredClient objects?
What value is usually provided to client_id field in RegisteredClient objects in production? The first thought that comes to my mind is to just use unique integers for each client. But is it really a legitimate approach?..
Upvotes: 0
Views: 60
Answers (1)
Reputation: 492
The client_id is essentially a unique and a public identifier for OAuth Apps. Even though it's a public identifier, it's best that it shouldn't be guessable by any 3rd parties. Different vendors use different conventions to generate client_ids and the most common practise is to have a 32 character alpha-numeric string. You can read about different conventions here. In most cases, a UUID would be enough for a client_id given that you do not have any special requirements.
Upvotes: 0
Related Questions
- Override default Spring-Boot application.properties settings in Junit Test
- What is this spring.jpa.open-in-view=true property in Spring Boot?
- Spring boot resource server @PreAuthorize("hasAuthority('SCOPE_xxx')") does not work
- Authorization code without using form login
- How to shutdown a Spring Boot Application in a correct way?
- Set value of generic type to DTO field
- java.sql.SQLException: Field 'client_id' doesn't have a default value
- RestTemplate vs Apache Http Client for production code in spring project