OAuth 2.0 Client Authentication

AM can authenticate OAuth 2.0/OpenID Connect clients by using the following methods:

Confidential clients holding a secret or a JWT bearer token assertion can authenticate with the authorization server using any of the above methods.

Confidential clients must always authenticate in one of the ways described in this section. Public clients are not required to authenticate, either because their information is intended to be public or because they are used over insecure channels, where their secret could easily be snooped.

Important

OAuth 2.0 and OpenID Connect clients can use the same authentication methods. However, OpenID Connect clients must specify the method they are using in their client profiles.

See OpenID Connect Client Authentication.
