Is it possible to hash the client secrets?
The client secret has to be available in the clear to confidential clients.
Hmm, good point. I think what you are saying makes sense - meaning that you only have one chance to know a client secret, otherwise (with hash) it would not be retrievable.
I suppose what I should have asked - and what I’m trying to achieve - is how to secure the database (in our current case, Postgres) and especially things like client secrets. Right now I can log in and see things like client secrets in plain text. Are there current best practices around this for hardening things in a production environment?
It’s more of a Postgres/database question. There are several articles out there about security hardening best practices. E.g.: