Was there a specific reason to change this?

This one failed https://github.com/CommunitySolidServer/CommunitySolidServer/actions/runs/15914010572/job/44887876671
Due to new error I added: "Token with this name already exists."
This error message itself could include a hint to omit the name for auto generated uuid

This makes me think that perhaps we should be more careful about changing the default behaviour here, as this update would break similar setups that might exist. Additionally, the uniqueness check of the label leaks information about which labels exist of other users, which might be a concern in some situations. So I would suggest adding an optional constructor parameter to enable this behaviour (verbatimLabels?), which defaults to false, so existing setups don't change. The configuration generator could then have another option to enable this (I can do this part after this PR is merged). The uniqueness check then only happens when this parameter is set to true. In case it is set to false the uuid is always added.

Maybe it would make more sense to handle uuid based client ids and URL client ids separately. Especially if there was a verification step #2041 (comment)

I revereted commit with this change

What is the reason these needed to be swapped? I'm guessing it has something to do with the other adapter trying to fetch the URL label maybe but can you tell me exactly what goes wrong?

Without that change ClientIdAdapterFactory was trying to fetch that URL, I don't remember if there was a problem if it didn't exist, but when it was able to fetch that ClientID, it was setting token_endpoint_auth_method to none and complaining that it wasn't allowed and it didn't pick credentials passed via Authorization hearder.

I think it doesn't make sense to use ClientIDAdapter at all when ClientCredentialsAdapter handles that client properly, that's why in the end I changed the order. As you can see all other tests are still passing so it doesn't seem to be affecting anything elese, and if that client hasn't been registered for client credential for that webid there should be no problem.

I haven't tested what happens if that user tries to use the same client both with client credential and with authorization code. Should I add integration test for that?

The ClientIdAdapterFactory was written under the assumption that if the incoming ID is a URL, this is always the class that should handle it, but that breaks here. The "deeper" class always triggers first, so if a client ID is used that is also a credential label the credential adapter will trigger first. But this could potentially cause issues when someone uses a client ID request which happens to also be the label of a credential token (of someone else potentially). So this definitely needs to be investigated what would happen there. I'm not sure if this would work with how the adapters currently work.

Since only one client credential per Client ID is supported with this approach (#2053 could be an alternative) I think a check similar to linking an existing WebID would make sense here. One would have to prove control over client to get a URL Client ID credential for it. Once such credential is created, it can only be used with it and no more authorization code flow for that client.

Why was this entire block added as it differs on only one line from the previous block. Is it to check for an issue related to the reason the order of the components was changed?

Yes, just changing from string to URL was resulting in a different adapter handing it and failing. I though the safest would be to run the whole describe for both cases to make sure that both string and url are fully functional.

Thanks! I will most likely need to add a test case for that so I'll include your suggestion in that commit.