OAuth Tutorial - OAuth Client Types

What are Client Types in OAuth 2.0?

  • The OAuth 2.0 client role is subdivided into client types and profiles.
  • OAuth 2.0 specifies two types of clients:
    • Confidential
    • Public


  • A confidential client is an application that is capable of keeping its client password confidential.
  • The client password is assigned to the client app by the authorization server. The password is used to identify the client to the authorization server.


  • A public client is an application that is not capable of keeping a client password confidential; the password can be seen by others.
  • A mobile phone application or a desktop application, for example, has the client password embedded inside it.
  • Such an application could be hacked, which could reveal the password.
  • A user could use a JavaScript debugger to look into the application, see the client password, and change the password of the client.
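
The following example is added here and is not part of the original tutorial. It shows how an authorization server's token endpoint could treat the two client types: a confidential client must present its client password (here over HTTP Basic), while a public client is only identified by its client id. The client ids, the password, the function names and the policy of rejecting a password from a public client are assumptions made for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import unquote_plus

def _h(secret):
    """Hash a client password so the server never stores it in clear text."""
    return hashlib.sha256(secret.encode()).digest()

# Constructed client registry (hypothetical ids and password, not from the page).
# Plain SHA-256 assumes the password is a long random value issued by the server.
CLIENTS = {
    "web-app": {"type": "confidential", "secret_hash": _h("s3rver-side-only")},
    "mobile-app": {"type": "public", "secret_hash": None},
}

def parse_basic(header):
    """Return (client_id, client_password) from an HTTP Basic header, or None."""
    try:
        scheme, _, value = header.partition(" ")
        if scheme.lower() != "basic":
            return None
        raw = base64.b64decode(value, validate=True).decode()
        client_id, sep, password = raw.partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    if not sep:
        return None
    return unquote_plus(client_id), unquote_plus(password)

def authenticate_client(authorization, form):
    """Return (client_id, 'authenticated' | 'identified_only') or raise PermissionError."""
    creds = parse_basic(authorization) if authorization else None
    client_id = creds[0] if creds else form.get("client_id", "")
    client = CLIENTS.get(client_id)
    if client is None:
        raise PermissionError("invalid_client")
    if client["type"] == "confidential":
        # A confidential client must prove it holds the password; compare in constant time.
        if not creds or not hmac.compare_digest(_h(creds[1]), client["secret_hash"]):
            raise PermissionError("invalid_client")
        return client_id, "authenticated"
    # Public client: a password embedded in the app can be extracted, so it proves
    # nothing. This example refuses one outright and treats the client as identified only.
    if creds:
        raise PermissionError("invalid_client")
    return client_id, "identified_only"
```

A caller would use the second element of the result to decide what a client is allowed to do, since an `identified_only` client id can be claimed by anyone who has read it out of the application.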

Client Profiles

The OAuth 2.0 specification mentions a set of client profiles. The profiles are types of applications that can be either confidential or public. The profiles are:

  • Web Application
  • User Agent
  • Native

Web Application

  • A web application is an application running on a web server.
  • A web application typically consists of both a browser part and a server part.
  • When a web application needs access to a resource server, the client password could be stored on the resource server.
  • The password should be kept confidential; it should not be viewable by others.
  • Here is a diagram of a confidential client web application:
    [Figure: confidential client web application]

User Agent Application

  • A user agent application is, for instance, a JavaScript application running in a browser; the browser is the user agent.
  • A user agent application is stored on a web server, but the application only runs in the user agent once it has been downloaded.
  • Here is a diagram of a user agent application client:
    [Figure: user agent application]

Native Application

  • A native application is, for instance, a desktop application or a mobile phone application.
  • Native applications are installed on the user’s computer or device.
  • The client password will be stored on the user’s computer, for the user to keep the password safe.
  • Here is a diagram of a native application client:
    [Figure: native application]
