Public Client

March 30, 2024 | seedling, permanent

OAuth 2.0 Client Types #

Definition #

  • A client that cannot securely store credentials, such as a client secret.

Characteristics #

  • Typically runs in environments where client confidentiality cannot be assured, such as browsers, mobile apps, or desktop applications.
  • Cannot authenticate itself to the authorization server with a client secret, because it has no secure place to keep one; the authorization server therefore cannot rely on client identity alone.

Security Considerations #

  • Often relies on browser redirects and tokens handled in the browser, which exposes the flow to interception and token leakage more than a server-side exchange would.
  • Commonly uses grant types such as the implicit grant or the Authorization Code grant with PKCE, where PKCE provides the enhanced security by binding the authorization code to the client that requested it.

Examples #

  • JavaScript Single Page Applications (SPA)
  • Mobile apps on platforms like iOS and Android
  • Desktop applications that cannot securely store credentials
