Public and confidential clients

[visvk]

It's good to know, that client is public (e.g. native application) or confidential.
rfc8252 Registration of Native App Clients
rfc8252 Client Authentication

I would like to use something like client.isConfidential parameter in the #452 to prevent confidential clients to use this feature.
Moreover, this new parameter can be used to prevent public clients to use client_credentials grant type, or enforce confidential clients to use client authentication with client_id and client_secret.

Do you have any other ideas?

[razvanz]

Do you want "confidential" clients to be able to authenticate without PKCE?

Why would this be required? I wasn't able to find anything in the standard.

[visvk]

PKCE is meant to protect public clients, that is stated in the abstract. I don't know any reason, why a confidential client should use PKCE.
This is optional feature for public clients. Confidential clients should use the Authorization Code Grant as it is described in rfc6749.