I’m developping an application that does authenticated requests to a service using openID-connect. Tokens are retrieved using openID-connect’s code flow, which require a client_id, which is a globally unique identifier for the client (a nextcloud instance in my case).
The instanceid system config value seems to be a unique identifier for each nextcloud instance. Is it suitable as a client id? i.e. is it fine to make it “somewhat” public?
Or is it suitable if I hash it?
Or do you have suggestions to what I could use as a client_id? The domain name + path to the nextcloud instance (which could move, so maybe not totally suitable?)