Client authentication
The authorization server should authenticate the client based on its client type. The authorization server should choose an authentication method that meets its security requirements, and it should use only one authentication method in each request.
Typically, the authorization server uses a set of client credentials, such as the client password and some key tokens, to authenticate confidential clients.
The authorization server may establish a client authentication method with public clients. However, it must not rely on this authentication method to identify the client, for security reasons.
A client possessing a client password can use basic HTTP authentication. OAuth 2.0 does not recommend sending client credentials ...
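The following added example (not code from the book) sketches how an authorization server might apply the rules above: it accepts client credentials from either HTTP Basic or the request body but never both, authenticates confidential clients with a constant-time comparison, and only identifies public clients. The registry, client names, secrets and function names are assumptions made for illustration; the form-encoding of the Basic credentials follows RFC 6749 section 2.3.1.

```python
import base64
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed registry (assumption): client_id -> (client_type, client_secret)
CLIENTS = {
    "web-app": ("confidential", "s3cr3t/with:colon"),
    "mobile-app": ("public", None),
}

def basic_header(client_id, secret):
    # Client side: form-urlencode each part, join with ":", then Base64
    pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def parse_basic(header):
    """Return (client_id, client_secret) from a Basic header value, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        return None
    return unquote_plus(client_id), unquote_plus(secret)

def authenticate_client(headers, form, clients=CLIENTS):
    """Return (client_id, authenticated); raise ValueError if the request is rejected."""
    if "Authorization" in headers and "client_secret" in form:
        raise ValueError("invalid_request: more than one authentication method")
    if "Authorization" in headers:
        basic = parse_basic(headers["Authorization"])
        if basic is None:
            raise ValueError("invalid_client: malformed Basic credentials")
        client_id, secret = basic
    else:
        client_id, secret = form.get("client_id"), form.get("client_secret")
    client_type, stored = clients.get(client_id, (None, None))
    if client_type is None:
        raise ValueError("invalid_client: unknown client")
    if client_type == "public":
        # Identified by client_id only; never treated as authenticated
        return client_id, False
    if secret is None or not hmac.compare_digest(secret.encode(), stored.encode()):
        raise ValueError("invalid_client: bad credentials")
    return client_id, True
```

The boolean in the return value lets the caller refuse operations that require an authenticated client when the request came from a public client.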