OAuth 2.0 Client Types
What are Client Types in OAuth 2.0?
- The OAuth 2.0 client role is subdivided into client types, and each type is further described by a set of client profiles.
- The OAuth 2.0 specification (RFC 6749, section 2.1) defines two client types, distinguished by whether the client can keep its credentials confidential and therefore authenticate itself securely to the authorization server:
- Confidential
- Public
Confidential
- A confidential client is an application that can keep its client secret (often called the "client password") hidden from users and other parties, typically because the secret lives only on a server that the client operator controls.
- The client secret is issued to the client by the authorization server when the client is registered, together with a public client identifier. The identifier says which client is calling; the secret is what lets the authorization server authenticate that the caller really is that client, for example when it exchanges an authorization code for an access token.
Public
- A public client is an application that cannot keep a client secret confidential, because its code runs on hardware that the end user controls.
- A mobile or desktop application that ships with a client secret embedded in its binary is a public client, whatever its developer intended.
- Anyone with a copy of such an application can extract the secret from the binary, and a secret shared by every installed copy identifies no client instance in particular.
- For a JavaScript application, the user only needs the browser's developer tools or a JavaScript debugger to read the secret out of the running code.
- Because a public client cannot authenticate itself, the authorization server must not rely on its secret. Public clients instead use the authorization code grant with PKCE (RFC 7636), which binds the token request to the client instance that started the flow.
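The following Python example, added here and not part of the original tutorial, makes the distinction concrete by building the token request each client type would send when redeeming an authorization code. The confidential client authenticates with its secret in an HTTP Basic header (RFC 6749 section 2.3.1); the public client has no secret, so it sends a PKCE code_verifier instead, and the authorization-server-side check is shown as well. The client_id, client_secret, authorization code and redirect URI are placeholder values constructed for the example; nothing is sent over the network.

```python
"""Token-request construction for a confidential vs. a public OAuth 2.0 client.

Constructed example: the client_id, client_secret, code and redirect_uri used
below are placeholders, not real registrations. Nothing is sent anywhere.
"""
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode


def client_secret_basic_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic client authentication for a confidential client (RFC 6749 s2.3.1).

    Both values are form-urlencoded before base64 encoding, as the spec requires.
    """
    credentials = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(credentials.encode("ascii")).decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding (RFC 7636 s4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Fresh 43-character verifier from the unreserved alphabet (RFC 7636 s4.1), one per flow."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def confidential_token_request(client_id: str, client_secret: str, code: str, redirect_uri: str):
    """Authorization-code exchange for a confidential (server-side web) client.

    The secret travels only in the Authorization header of a server-to-server
    request; it is never placed in a page or script the browser can see.
    """
    headers = {
        "Authorization": client_secret_basic_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    return headers, body


def public_token_request(client_id: str, code: str, redirect_uri: str, code_verifier: str):
    """Same exchange for a public (native or browser-based) client.

    There is no secret to send. The client identifies itself with client_id and
    proves it is the instance that started this flow by presenting the PKCE
    verifier whose S256 challenge it sent in the authorization request.
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": code_verifier,
    })
    return headers, body


def server_verifies_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server side check, run before the code is redeemed.

    stored_challenge is the code_challenge remembered from the authorization
    request; the comparison is constant-time to avoid a timing side channel.
    """
    return secrets.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    # Confidential client: placeholder registration values.
    print(confidential_token_request("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw",
                                     "SplxlOBeZQQYbYS6WxSbIA", "https://client.example/cb"))
    # Public client: generate the verifier at the start of the flow, keep it in memory,
    # send the challenge in the authorization request, and the verifier in the token request.
    verifier = new_code_verifier()
    challenge = pkce_challenge(verifier)
    print(public_token_request("native-app-placeholder", "SplxlOBeZQQYbYS6WxSbIA",
                               "com.example.app:/oauth2redirect", verifier))
    print("server accepts:", server_verifies_pkce(challenge, verifier))
```

The point of the two request builders is what is absent from the public one: no Authorization header and no client_secret field. A public client that includes an embedded secret gains nothing, since every copy of the application carries the same value; the PKCE verifier, generated per flow and never shipped in the binary, is what stops an intercepted authorization code from being redeemed by someone else.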
Client Profiles
The OAuth 2.0 specification also describes a set of client profiles: kinds of application deployment, each of which is either confidential or public. The profiles are:
- Web application
- User-agent-based application
- Native application
Web Application
- A web application is a confidential client running on a web server.
- It typically has two parts: a browser part that the user interacts with, and a server part that talks to the authorization server and the resource server.
- The client secret, and any access tokens the client obtains, are stored only in the server part. They are never sent to the browser, so the resource owner cannot read them from there.
- Because the secret never leaves the server, a web application can keep it confidential.
- [Diagram: a confidential client web application]
User Agent Application
- A user-agent-based application is one whose code runs inside the user agent, for example a JavaScript application running in the browser.
- The application's code is downloaded from a web server, but everything it does after that happens in the user agent, on the user's machine.
- Protocol data and any credentials it holds are therefore visible to the resource owner, so a user-agent-based application is a public client.
- [Diagram: a user-agent-based client application]
Native Application
- A native application is a desktop or mobile application.
- Native applications are installed on, and run from, the user's computer or device.
- Any client secret bundled into the application is stored on the user's device alongside the code, so the resource owner (or anyone who copies the app) can extract it. Native applications are therefore public clients, and a secret embedded in one must be assumed to be compromised.
- [Diagram: a native client application]