OAuth - Public client

OAuth - Public client

About

A public client is a client that has a public type.

It means that you are not the administrator of the computer whereas with a confidential (private) client you are.

A bad agent can scan your application in order to find authentication/authorization material.

With an authorization code grand, PKCE is recommended for public client

Articles Related

List

Recommended Pages

Oauth - Client (App)

client is one of the 4 roles of the Oauth specification. In its most basic form, it's a web site used by a end-user. In more details, it's is a (first-party or third party service application making "...

Oauth - Client Authentication

authentication method for a client in Oauth. The client MUST NOT use more than one authentication method in each request. Usage Client authentication is used for: Enforcing the binding of refresh tok "...

Oauth - Confidential Client

Confidential client are client that have a confidential type (ie private) public client Articles Related List

Oauth - Native application

A native application is a public client installed and executed on the device used by the resource owner (ie end user). Protocol data and credentials are accessible to the resource owner. It is assume "...

Oauth - Web Browser / User-agent-based application

A user-agent-based application is a public client in which the client code (generally javascript) is downloaded from a web server and executes within a user-agent (e.g., web browser) on the device use "...

Proof Key For Code Exchange (PKCE) flow

OAuth 2.0 public clients (ie browser) utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. Proof Key for Code Exchange by OAuth Public Clients (PKCE) h "...

Share this page:

OAuth - Public client

Table of Contents

About

Articles Related

List

Recommended Pages

Oauth - Client (App)

Oauth - Client Authentication

Oauth - Confidential Client

Oauth - Native application

Oauth - Web Browser / User-agent-based application

Proof Key For Code Exchange (PKCE) flow