Yume
Reputation: 21
Identifying public and confidential clients for Oauth2.0
I have a problem identifying the type of the app based just on the programming language.
In case of an application with separated backend and frontend, but the frontend developed with a backend language (Java, .Net, PHP) , could we understand that the frontend is a confidential client ?
I know that we also have mobile apps developed with backend language (.net for exmple) so I am a bit confused.
Thank you very much for you answer.
Upvotes: 1
Views: 111
Answers (1)
Tore Nestenius
Reputation: 19921
Applications running on the user's machine (mobile/desktop/browsers) typically can't keep any secrets (keys/passwords...), and because of that, they are all public clients.
The programming language used does not affect this at all.
Upvotes: 1
Related Questions
- OAuth 2.0 public client impersonation
- oAuth 2.0 users vs clients?
- How to verify which resources each user can access with OAuth and OpenID Connect?
- OAuth Confidential vs Public Client - What to choose if possible?
- How to identify the "client application" at the "resource server" in a OIDC/OAuth2 flow
- OAuth 2 for native application - what is difference between public and confidential client types?
- Client authentication on Public Client
- OAuth2 Token Validation and confidential clients
- OAuth client authentication for public clients
- OAuth 2.0 definition of clients