Public client and confidential client applications
In the previous chapter, we briefly touched on confidential client applications. In this chapter, we are going to cover them in more depth.
Public client and confidential client applications are the two client types defined by the OAuth 2.0 framework. An application is either confidential or public. The main difference is that a confidential application can hold credentials (such as the client ID and client secret) securely. We will cover this in more detail in the following subsections.
Confidential client applications
Confidential client applications can store credentials securely. They are typically run on servers and are considered difficult to access because they run in a secure environment. For that reason, they can keep a secret. They are capable of holding configuration-time secrets and each instance has a distinct configuration, which includes the client ID and client secret. The client ID and client secret are stored securely and can...
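The difference shows up at the token endpoint. The following is an added example, not code from this book: it builds the authorization code token request for each client type, using the `client_secret_basic` method from RFC 6749 section 2.3.1 for the confidential client. The environment variable name, client IDs and redirect URI are constructed for illustration.

```python
import base64
import os
from urllib.parse import quote_plus, urlencode

SECRET_ENV_VAR = "OAUTH_CLIENT_SECRET"  # assumed name; set by the deployment, never committed


def secret_from_env(env=os.environ):
    """Load the configuration-time secret; fail closed if it is missing or empty."""
    secret = env.get(SECRET_ENV_VAR, "")
    if not secret:
        raise RuntimeError(f"{SECRET_ENV_VAR} is not set; refusing to start")
    return secret


def basic_auth_header(client_id, client_secret):
    """client_secret_basic: form-urlencode each value, join with ':', then Base64."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(client_id, code, redirect_uri, client_secret=None):
    """Return (headers, body) for the token endpoint POST.

    Confidential client: authenticates with its secret in the Authorization header.
    Public client: cannot keep a secret, so it only identifies itself with client_id.
    """
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        if not client_secret:
            raise ValueError("confidential client configured with an empty secret")
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:
        form["client_id"] = client_id  # identification only, not authentication
    return headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample values.
    redirect = "https://app.example/callback"
    print(build_token_request("web-backend", "code123", redirect, "s3cr3t:/demo"))
    print(build_token_request("spa-client", "code123", redirect))
```

The secret only ever appears in the server-side request; the public client's request contains nothing that would need to be kept confidential.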