Type is related to the ability to maintain the confidentiality of client credentials.
Even from the resource owner.
Capable.
e.g. a secure server
Incapable.
e.g. a web browser-based application, or a mobile App.
Different application types will be allowed to execute different flows.
Confidential client running on a web server.
Public client where the client code runs on a user-agent application.
The public client is installed and executed on the device used by the resource owner.
Clients accessing OAuth servers must be previously registered.
Nevertheless, the standard does not exclude unregistered clients.
A registered client is given a unique identifier, a ClientID.
Registration includes both informational, legal and operational information.
Redirection URLs
Acceptance of legal terms
Application (client) name, logo, website, description
Client type
Client authentication method (for confidential clients)
Last updated