In the platform, we categorize OAuth clients into two types: public and confidential. Here's a breakdown of the core functionality for both client types and how to manage them.
Public clients are used in applications where the code runs on the user's device, making it impossible to store secrets securely. We use Authorization Code Flow with PKCE (Proof Key for Code Exchange) to protect against authorization code interception without needing client secrets.
Using Public clients is recommended for the following application types:
Browser-based applications (SPAs & Multi-Page Applications)
Mobile native apps
Progressive Web Apps (PWAs)
Desktop applications
Key Configurations for Public Clients:
Redirect URIs: The allowed URIs for redirecting after authentication.
Allowed Grant Types: For public clients, typically the authorization_code and refresh_token grant types are used.
Scopes: Permissions requested by the client, such as openid, profile, and email.
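The PKCE check that makes the public-client flow above safe without a client secret, as an added example (not the platform's own code): the client derives an S256 code_challenge from a random code_verifier, and the token endpoint refuses to redeem an authorization code unless the presented verifier hashes to the challenge bound to that code. The in-memory code store is a constructed stand-in for the authorization server.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636: verifier is 43..128 characters from the unreserved set [A-Za-z0-9-._~]
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def generate_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy verifier the app keeps in memory for one flow."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """Client side: BASE64URL(SHA256(verifier)) sent with code_challenge_method=S256."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, presented_verifier: str, method: str = "S256") -> bool:
    """Server side: compare the verifier from the token request against the stored challenge."""
    if not _VERIFIER_RE.match(presented_verifier or ""):
        return False
    if method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif method == "plain":
        expected = presented_verifier
    else:
        return False
    return hmac.compare_digest(expected, stored_challenge)


# Constructed stand-in for the authorization server's code store: code -> (challenge, method)
_issued_codes: dict[str, tuple[str, str]] = {}


def issue_code(challenge: str, method: str = "S256") -> str:
    """Authorization endpoint: bind the challenge to a freshly minted code."""
    code = secrets.token_urlsafe(16)
    _issued_codes[code] = (challenge, method)
    return code


def redeem_code(code: str, verifier: str) -> bool:
    """Token endpoint: single-use code, consumed even when the PKCE check fails."""
    entry = _issued_codes.pop(code, None)
    if entry is None:
        return False
    return verify_pkce(entry[0], verifier, entry[1])
```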
Confidential clients are used in server-based applications, where the client secret can be stored securely. These clients:
Require secure storage of the client secret.
Can use advanced authentication methods like private key JWT.
Key Configurations for Confidential Clients:
Client Secret: A securely stored secret for authenticating with the OAuth server.
Token Endpoint Authentication Method: Methods such as client_secret_basic or private_key_jwt for securely authenticating to the token endpoint.
Additional Security Settings: Settings for stronger authentication flows, such as JWT signing.
Redirect URIs: List of authorized URLs for redirecting after authentication.
Allowed Grant Types: Grant types like authorization_code and refresh_token.
Scopes: Permissions such as openid, email, and profile that the client can request.
Client Secret: Securely stored secret for authenticating the client.
Token Endpoint Authentication Method: Secure authentication methods such as client_secret_post or private_key_jwt.
Advanced Security: Additional security configurations for confidential clients.
Steps to Create a Client
Navigate to Client Management Page: Access the admin interface and locate the client management section.
Select Client Type: Choose between creating a Public or Confidential client.
Configure Settings:
Public Clients: Configure settings like redirect URIs, allowed scopes, and grant types.
Confidential Clients: Securely store client secrets, configure redirect URIs, and apply advanced security settings such as token endpoint authentication.
Save and Register: Once all configurations are made, save the settings and confirm client registration.