Client Type resets to public after editing redirect URI #264

Open
dfdan opened this issue Aug 17, 2024 · 2 comments

@dfdan
Member

dfdan commented Aug 17, 2024

Package version (if known): v11 / current Zenodo

Describe the bug

If an OAUTH application is configured as 'confidential', editing/saving the redirect URIs appears to reset the client type to 'public'. This can be frustrating.

Steps to Reproduce

  1. Create a confidential OAUTH app, save it
  2. Edit it - add or edit a redirect uri
  3. Save it
  4. Note that the client type resets to 'public'

Expected behavior

I don't know if this is intentional behaviour for security reasons(?) - if it is, it would be worth a warning as it's easily missed.
Ideally the client type would not get reset.
May happen with other settings, but I've only observed with redirect_uri repeatedly.

@dfdan
Member Author

dfdan commented Aug 19, 2024

(Tagging @slint because we had some interesting trouble potentially related to this.)

@slint
Member

slint commented Aug 20, 2024

The underlying issue is that the form for creating the application is sending an empty value for the is_confidential field. In the end this boils down to the form setting the field to is_confidential=False, which means all applications are created as "Public".

The application "Edit" form correctly sends the value on POST, so it is possible to modify and persist the change.
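
The empty-value behaviour described in the comment above, as an added example that is not part of this thread or of the project's code: a naive boolean parse turns an empty `is_confidential` into "public", while a tri-state parse keeps the stored client type or rejects the request. The function names and POST bodies are constructed for illustration, and the sketch assumes the form sends an explicit value for both choices.

```python
from typing import Optional
from urllib.parse import parse_qs

TRUE_VALUES = {"1", "true", "on", "y", "yes"}
FALSE_VALUES = {"0", "false", "off", "n", "no"}

# Constructed sample POST bodies (not captured from Zenodo).
CREATE_BODY = "name=demo&redirect_uris=https%3A%2F%2Fapp.example%2Fcb&is_confidential="
EDIT_BODY = "name=demo&redirect_uris=https%3A%2F%2Fapp.example%2Fcb&is_confidential=1"


def _raw_flag(body: str) -> str:
    """Return the submitted is_confidential value, '' if empty or missing."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("is_confidential", [""])[0].strip().lower()


def naive_is_confidential(body: str) -> bool:
    """Pitfall: empty or missing is indistinguishable from an explicit 'no'."""
    return _raw_flag(body) in TRUE_VALUES


def strict_is_confidential(body: str, stored: Optional[bool] = None) -> bool:
    """Tri-state parse: explicit true/false wins, empty keeps `stored`.

    Raises ValueError when the value is unrecognised, or empty with no
    stored value, so a client is never made public by omission.
    """
    raw = _raw_flag(body)
    if raw in TRUE_VALUES:
        return True
    if raw in FALSE_VALUES:
        return False
    if raw == "" and stored is not None:
        return stored
    raise ValueError(f"is_confidential not stated explicitly: {raw!r}")


if __name__ == "__main__":
    print("naive, empty value:", naive_is_confidential(CREATE_BODY))
    print("strict, explicit value:", strict_is_confidential(EDIT_BODY))
    print("strict, empty value, stored=True:",
          strict_is_confidential(CREATE_BODY, stored=True))
```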
