--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 02 10:12:46 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 02 10:14:16 2023 +0200
@@ -104,7 +104,11 @@
 	end
 
 	local ok, client = verify_client(client_id);
-	if not ok then return ok, client; end
+	if not ok then
+		return ok, client;
+	end
+
+	client.client_hash = b64url(hashes.sha256(client_id));
 	return client;
 end
 
@@ -221,7 +225,13 @@
 -- properties that are deemed useful e.g. in case tokens issued to a certain
 -- client needs to be revoked
 local function client_subset(client)
-	return { name = client.client_name; uri = client.client_uri; id = client.software_id; version = client.software_version };
+	return {
+		name = client.client_name;
+		uri = client.client_uri;
+		id = client.software_id;
+		version = client.software_version;
+		hash = client.client_hash;
+	};
 end
 
 local function new_access_token(token_jid, role, scope_string, client, id_token, refresh_token_info)