We have an excellent blog post on this topic. Read it now!
You can create a public OAuth 2.0 Client (e.g. for the authorize code + PKCE or implicit flow) with the CLI
or by setting in the HTTP API JSON body when POSTing to
Be aware that when making requests to
/oauth2/revoke with a
public OAuth 2.0 Client, you cannot authenticate with the HTTP Basic
Authorization but must include the
client_id in the POST body: