Determine requirements for OAuth 2.0 public clients

Description

Public client examples are any OAuth clients where the client secret cannot be kept confidential (e.g. a native application or SPA). Particular examples include the Synapse programmatic/command line apps and the GWT client.

Possible requirements (not a complete list)

  • PKCE

  • Additional grant types

The requirements are likely to be heavily informed by the OAuth 2.1 draft: https://tools.ietf.org/html/draft-parecki-oauth-v2-1-02#section-7.3.1

Environment

None

Assignee

Nick Grosenbacher

Reporter

Nick Grosenbacher

Labels

None

Validator

Bruce Hoff

Development Area

None

Release Version History

None

Epic Link

Priority

Critical