OAuth 2.0 requires that [confidential clients](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) use at least basic authentication when communicating with the authorization server. This will require - [x] API for resetting and unsetting client secret (#359); - [ ] UI for resetting and unsetting client secret; - [x] verifying client secret at token endpoint (#358).
OAuth 2.0 requires that confidential clients use at least basic authentication when communicating with the authorization server. This will require