OAuth Tutorial - OAuth Client Types



What are Client Types in OAuth 2.0?

  • The OAuth 2.0 client role is subdivided into different client types and their profiles.
  • The OAuth 2.0 specification defines two types of clients:
    • Confidential
    • Public

Confidential

  • A confidential client is an application that is capable of keeping a client password (client secret) confidential from the rest of the world.
  • The client password is assigned to the client app by the authorization server. This password is used to identify the client to the authorization server.

Public

  • A public client is an application that is not capable of keeping a client password confidential, so the password can be seen by others.
  • For example, a mobile phone application or a desktop application has the client password embedded inside it.
  • Such an application could be hacked, and this could reveal the password.
  • Likewise, the user of a browser-based application could use a JavaScript debugger to look into the application, see the client password, and change the password the client uses.
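
The difference between the two client types, seen from the authorization server's side, as an added example (not code from this tutorial or from any OAuth library): a confidential client must prove it knows its client password, while a public client is only identified. The client ids, the password, the registry layout and the function names are constructed for illustration; the HTTP Basic encoding of the client password follows RFC 6749.

```python
import base64
import hashlib
import hmac
from urllib.parse import unquote_plus

# Constructed registry (illustrative ids/password); passwords assumed random, stored hashed.
CLIENTS = {
    "web-app": {"type": "confidential",
                "secret_sha256": hashlib.sha256(b"s3cr3t-constructed").hexdigest()},
    "mobile-app": {"type": "public", "secret_sha256": None},
}


class ClientAuthError(Exception):
    """Raised when a token request fails client identification or authentication."""


def parse_basic(header):
    """Split an HTTP Basic Authorization header into (client_id, client_password)."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        raise ClientAuthError("unsupported authorization scheme")
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:  # bad base64 or bad UTF-8
        raise ClientAuthError("malformed credentials") from exc
    client_id, sep, password = decoded.partition(":")
    if not sep:
        raise ClientAuthError("malformed credentials")
    return unquote_plus(client_id), unquote_plus(password)


def authenticate_client(authorization_header, form):
    """Return (client_id, authenticated) for a token request, or raise."""
    client_id, password = form.get("client_id"), None
    if authorization_header:
        client_id, password = parse_basic(authorization_header)
    client = CLIENTS.get(client_id)
    if client is None:
        raise ClientAuthError("unknown client")
    if client["type"] == "public":
        # An embedded password can be extracted, so it proves nothing: identify only.
        return client_id, False
    if password is None:
        raise ClientAuthError("confidential client must present its password")
    presented = hashlib.sha256(password.encode("utf-8")).hexdigest()
    if not hmac.compare_digest(presented, client["secret_sha256"]):  # constant-time
        raise ClientAuthError("wrong client password")
    return client_id, True
```

The second element of the result tells the rest of the token endpoint whether the client was authenticated or merely identified, so later checks can treat public clients accordingly.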

Client Profiles

The OAuth 2.0 specification mentions a set of client profiles. The profiles are types of applications that can be either confidential or public. The profiles are:

  • Web Application
  • User Agent
  • Native

Web Application

  • A web application is an application running on a web server.
  • A web application typically consists of both a browser part and a server part.
  • If a web application needs access to a resource server, the client password could be stored on the resource server.
  • The password must be kept confidential so that it cannot be viewed by others.
  • Here is a diagram of a confidential client web application:
    [Diagram: confidential client web application]

User Agent Application

  • A user agent application is, for instance, a JavaScript application running in a browser. The browser is the user agent.
  • A user agent application is stored on a web server, but it runs in the user agent once it has been downloaded.
  • Here is a diagram of a client user agent application:
    [Diagram: OAuth 2.0 user agent application]

Native Application

  • A native application is, for instance, a desktop application or a mobile phone application.
  • Native applications are installed on the user’s computer or device.
  • The client password will be stored on the user’s computer, where it is up to the user to keep the password safe.
  • Here is a diagram of a client native application:
    [Diagram: OAuth 2.0 native application]

