OAuth2 public clients cant use client secret and still achieve a secure workflow, why is it used for confidential clients?
In an OAuth2 authorization flow, if I understand correctly the request made to receive a token with PCKE is almost identical between that of a public client and that of a confidential client. The only real difference is that a confidential…