spring-projects / spring-authorization-server

Spring Authorization Server
https://spring.io/projects/spring-authorization-server
Apache License 2.0

Can't register multiple public clients (clientAuthenticationMethod=none) #1641

Closed igorsimjanoski closed 1 week ago

igorsimjanoski commented 3 weeks ago

Describe the bug

I'm trying to register two different (different client_id, redirect_uri, etc.) public clients (clientAuthenticationMethod=NONE), but the authorization server is complaining with this error:

Registered client must be unique. Found duplicate client secret for identifier: d2e77536-6f0f-444f-9584-0c12da636a23

As far as I understand, I should be able to register multiple clients as long as the client_id is unique. I'm not aware that such a constraint is defined in the OAuth 2.0 spec.

Sample

I believe the error is coming from this method in the code:

JdbcRegisteredClientRepository.assertUniqueIdentifiers()


        count = this.jdbcOperations.queryForObject(
                COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?",
                Integer.class,
                registeredClient.getClientSecret());
        if (count != null && count > 0) {
            throw new IllegalArgumentException("Registered client must be unique. " +
                    "Found duplicate client secret for identifier: " + registeredClient.getId());
        }

jgrandja commented 2 weeks ago

@igorsimjanoski I'm confirming this is a bug. I will have a fix shortly.
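
The uniqueness check quoted in the issue, modelled against an in-memory SQLite table as an added example (not Spring Authorization Server code): an equality check on the secret column rejects a second client with a distinct client_id whenever the stored secret values compare equal, while SQL NULL values never match. The table layout, the `skip_empty_secret` guard and the sample clients are assumptions made for illustration.

```python
import sqlite3

# Assumed query prefix and table, modelled on the snippet quoted in the issue.
COUNT_SQL = "SELECT COUNT(*) FROM registered_client WHERE "

def open_repo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registered_client "
               "(id TEXT PRIMARY KEY, client_id TEXT, client_secret TEXT)")
    return db

def _count(db, column, value):
    # column is always a fixed literal from this file; value is bound.
    return db.execute(COUNT_SQL + column + " = ?", (value,)).fetchone()[0]

def save(db, id_, client_id, client_secret, skip_empty_secret=False):
    """Insert a client after the uniqueness checks; raise ValueError on a duplicate."""
    if _count(db, "client_id", client_id) > 0:
        raise ValueError("duplicate client id for identifier: " + id_)
    # Hypothetical guard: a client without a secret has nothing to compare.
    check_secret = not (skip_empty_secret and not client_secret)
    if check_secret and _count(db, "client_secret", client_secret) > 0:
        raise ValueError("duplicate client secret for identifier: " + id_)
    db.execute("INSERT INTO registered_client VALUES (?, ?, ?)",
               (id_, client_id, client_secret))

def try_register(clients, skip_empty_secret=False):
    """Register the given clients in order and return one outcome per client."""
    db = open_repo()
    results = []
    for c in clients:
        try:
            save(db, *c, skip_empty_secret=skip_empty_secret)
            results.append("ok")
        except ValueError as e:
            results.append(str(e))
    return results

# Constructed sample data: two public clients with distinct client_id values.
EMPTY = [("id-1", "spa-a", ""), ("id-2", "spa-b", "")]
NULLS = [("id-1", "spa-a", None), ("id-2", "spa-b", None)]
# Constructed sample data: two confidential clients sharing one stored secret.
SHARED = [("id-1", "svc-a", "s3"), ("id-2", "svc-b", "s3")]

if __name__ == "__main__":
    for label, clients, guard in (("empty", EMPTY, False), ("null", NULLS, False),
                                  ("empty+guard", EMPTY, True), ("shared+guard", SHARED, True)):
        print(label, try_register(clients, skip_empty_secret=guard))
```
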