OAuth Client Types and Digital Signatures

Different OAuth client types provide different credentials to the token service.

OAuth clients are classified by their ability to authenticate securely with the authorization server. A confidential OAuth client is an application that’s capable of keeping a client password confidential. On the other hand, a public client is an application that isn’t capable of keeping a client password confidential.

Trusted and Untrusted OAuth Clients

All OAuth clients registered in Oracle Cloud are confidential by default. However, they can be trusted or untrusted. A trusted client is an OAuth client that is registered by the Oracle Cloud infrastructure or by the identity domain administrator as being trusted to assert a user identity on behalf of the user. All trusted clients are confidential clients. Untrusted clients are mostly external applications and can be created by the customer. An untrusted client can’t assert a user identity on the user’s behalf.

Digital Signatures

You can associate a certificate with an OAuth client. A certificate is mandatory for trusted clients and optional for untrusted clients. For a trusted client, you must create a key pair and a public key certificate signed by the Oracle Cloud certificate authority, and then import the certificate as part of the client registration process.