Information Security: What's the point of the client secret in OAuth2 if it doesn't need to be used?

jeudi 18 décembre 2014

What's the point of the client secret in OAuth2 if it doesn't need to be used?

Simple as that!

Clients that can't maintain the secrecy of the client_secret in OAuth2 don't have to use it.

So what's the point of having it at all, if it's not necessary? What am I missing here?

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)