Closed
Description
Describe the bug
I'm trying to register two different (different client_id, redirect_uri, etc.) public clients (clientAuthenticationMethod=NONE), but the authorization server is complaining with this error:
Registered client must be unique. Found duplicate client secret for identifier: d2e77536-6f0f-444f-9584-0c12da636a23
As far as I understand, I should be able to register multiple clients as long as client_id is unique.
I'm not aware that such a constraint is defined in the OAuth 2.0 spec.
Sample
I believe the error is coming from this method in the code:
JdbcRegisteredClientRepository.assertUniqueIdentifiers()
count = this.jdbcOperations.queryForObject(
        COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?",
        Integer.class,
        registeredClient.getClientSecret());
if (count != null && count > 0) {
    throw new IllegalArgumentException("Registered client must be unique. " +
            "Found duplicate client secret for identifier: " + registeredClient.getId());
}
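The quoted check compares `client_secret` with SQL equality, so whether two secretless public clients collide depends on how the missing secret is stored. The sketch below is an added example, not code from the issue or the project; it runs a check of that shape against an in-memory SQLite table, and the table layout, the `COUNT_SQL` string, the helper names and the client data are all assumptions constructed for illustration.

```python
import sqlite3

# Assumed stand-in: the page does not show COUNT_REGISTERED_CLIENT_SQL or the schema.
COUNT_SQL = "SELECT COUNT(*) FROM registered_client WHERE "


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE registered_client ("
        "id TEXT PRIMARY KEY, client_id TEXT NOT NULL, client_secret TEXT)"
    )
    return db


def register(db, id_, client_id, client_secret):
    """Insert a client after uniqueness checks shaped like the quoted one."""
    for column, value in (("client_id", client_id), ("client_secret", client_secret)):
        (count,) = db.execute(COUNT_SQL + column + " = ?", (value,)).fetchone()
        if count > 0:
            raise ValueError(
                "Registered client must be unique. Found duplicate "
                + column.replace("_", " ") + " for identifier: " + id_
            )
    db.execute(
        "INSERT INTO registered_client VALUES (?, ?, ?)",
        (id_, client_id, client_secret),
    )


def try_pair(secret):
    """Register two distinct public clients (constructed data) sharing `secret`."""
    db = new_db()
    register(db, "id-1", "spa-one", secret)
    try:
        register(db, "id-2", "spa-two", secret)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # NULL = NULL is never true in SQL, so absent secrets stored as NULL do not collide.
    print("secret stored as NULL:", try_pair(None))
    # Identical non-NULL values (here an empty string) do match and trip the check.
    print("secret stored as '':", try_pair(""))
```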