OAuth2
Client Registration
Requiring clients to register before client authentication improves security: the authorization server then only accepts credentials bound to a known, registered client_id.
Client Authentication
A confidential client can store its client secret securely.
For a public client this is quite hard.
public clients and confidential clients
OAuth defines two types of clients: confidential clients and public clients. Confidential clients are applications that are able to securely authenticate with the authorization server, for example being able to keep their registered client secret safe. Public clients are unable to use registered client secrets, such as applications running in a browser or on a mobile device.
RFC 6749 Section 2.1: OAuth 2.0 Client Types
According to the OAuth 2.0 spec, applications can be classified as either confidential or public. The main difference relates to whether or not the application is able to hold credentials (such as a client ID and secret) securely. This affects the type of authentication the applications can use.
Confidential and Public Applications
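As an added example, not code from the page or from any of the quoted sources, the following shows the distinction above in practice: how a confidential client presents its registered secret to the token endpoint (client_secret_basic per RFC 6749 section 2.3.1, or client_secret_post in the body), and how the authorization server checks it against the client registry, while a public client can only be identified by client_id and is never treated as authenticated. The client registry, the client_ids and secrets, and the choice to store secrets as SHA-256 digests are all constructed assumptions for this example.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed client registry, standing in for the result of client
# registration. Secrets are stored as SHA-256 digests here; that storage
# choice is an assumption of this example. Public clients are registered
# without any secret, because they could not keep one safe anyway.
CLIENT_REGISTRY = {
    "web-backend": {
        "type": "confidential",
        "secret_sha256": hashlib.sha256(b"cHaNgEm3:web").digest(),
    },
    "mobile-app": {"type": "public"},
}


def basic_auth_header(client_id, client_secret):
    """Build the client_secret_basic Authorization header (RFC 6749 s2.3.1).

    Both values are application/x-www-form-urlencoded before the Basic
    encoding, so a ':' inside the secret cannot be mistaken for the separator.
    """
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


def _parse_basic(header):
    """Return (client_id, client_secret) from a Basic header, or None."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    cid, sep, secret = decoded.partition(":")
    if not sep:
        return None
    return unquote_plus(cid), unquote_plus(secret)


def _secret_matches(client, presented):
    """Constant-time comparison of the presented secret's digest."""
    digest = hashlib.sha256(presented.encode("utf-8")).digest()
    return hmac.compare_digest(client["secret_sha256"], digest)


def authenticate_client(headers, form):
    """Authorization-server side check for a token endpoint request.

    Returns (client_id, authenticated): authenticated is True only when a
    registered confidential client proved possession of its secret. A public
    client is identified by client_id but never authenticated (RFC 6749 s2.3).
    Returns None when the request must be rejected with invalid_client.
    """
    basic = _parse_basic(headers.get("Authorization", ""))
    if basic is not None:
        client_id, secret = basic
        # A client MUST NOT use more than one authentication method per request.
        if "client_secret" in form:
            return None
        # A client_id repeated in the body must agree with the header.
        if "client_id" in form and form["client_id"] != client_id:
            return None
    elif "client_secret" in form:
        client_id, secret = form.get("client_id", ""), form["client_secret"]
    else:
        client_id, secret = form.get("client_id", ""), None

    client = CLIENT_REGISTRY.get(client_id)
    if client is None:
        return None  # unregistered client_id: registration is a precondition

    if client["type"] == "confidential":
        # A confidential client must always authenticate.
        if secret is None or not _secret_matches(client, secret):
            return None
        return client_id, True

    # Public client: it has no registered secret, so a presented one comes
    # from a misconfigured or impersonating caller; reject instead of ignoring.
    if secret is not None:
        return None
    return client_id, False
```

The second element of the result is the point of the example: for "mobile-app" it is always False, so any policy decision that needs a proven client identity (for example, issuing refresh tokens or honouring a client-specific redirect URI without further checks) must not rely on client_id alone, which is exactly the limitation RFC 6749 section 10.1 describes for public clients.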