What is the difference between ConfidentialClientApplication and PublicClientApplication?

I am integrating a web service that exposes a RESTful API. I built a UWP client that uses PublicClientApplication, and it works well. Now I am building a web application to talk to the same service, and the samples I have found use ConfidentialClientApplication to obtain an access token for the user. So what is the difference between these two classes, given that both seem to produce access tokens (the documentation is very thin, if it exists at all), and what are the use cases for each class?

While researching MSAL on my own, I managed to find some MSAL.NET documentation, including a chapter on client applications.

It explicitly discusses the difference between the Confidential client application class and the Public client application class.

Confidential client

Confidential client applications are typically applications which run on servers (Web Apps, Web API, or even service/daemon applications). They are considered difficult to access, and therefore capable of keeping an application secret. Confidential clients are able to hold configuration time secrets. Each instance of the client has a distinct configuration (including clientId and secret). These values are difficult for end users to extract. A web app is the most common confidential client. The clientId is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.

Public client

On the contrary, public client applications are typically applications which run on devices (phones for instance) or desktop machines. They are not trusted to safely keep application secrets, and therefore access Web APIs in the name of the user only (they only support public client flows). Public clients are unable to hold configuration time secrets, and as a result have no client secret.
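As an added illustration (this is not code from the question, the answer, or the MSAL.NET documentation), the C# below builds both client types with the MSAL.NET builder API and shows where the secret lives in each case: the confidential client's secret is read from the server's environment and exchanged only on the back channel when the authorization code is redeemed, while the public client's builder has no WithClientSecret at all and can only obtain tokens through an interactive user flow. The client ID, tenant, redirect URIs, scope and the MSAL_CLIENT_SECRET variable name are placeholders and assumptions, not values from the page.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class MsalClients
{
    // Placeholders: replace with the values from your own app registration.
    const string ClientId  = "00000000-0000-0000-0000-000000000000";
    const string Authority = "https://login.microsoftonline.com/<tenant-id>";
    static readonly string[] ApiScopes = { "api://<api-client-id>/access_as_user" };

    // Confidential client: runs on a server, so it may hold a secret.
    // The secret is read from the environment (assumed variable name) and is
    // never compiled into the binary or shipped to the browser.
    public static IConfidentialClientApplication BuildConfidentialClient()
    {
        string secret = Environment.GetEnvironmentVariable("MSAL_CLIENT_SECRET")
            ?? throw new InvalidOperationException("MSAL_CLIENT_SECRET is not set");

        return ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(secret)
            .WithAuthority(new Uri(Authority))
            .WithRedirectUri("https://localhost:5001/signin-oidc") // placeholder
            .Build();
    }

    // Public client: runs on a device the end user controls. This builder has
    // no WithClientSecret; nothing in the app is secret, so it can only act on
    // behalf of a signed-in user.
    public static IPublicClientApplication BuildPublicClient()
    {
        return PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(new Uri(Authority))
            .WithRedirectUri("http://localhost") // loopback redirect for desktop apps
            .Build();
    }

    // Web app: redeem the authorization code the browser delivered. MSAL sends
    // the code together with the client secret on the back channel, which is
    // why the secret is never exposed to the browser.
    public static Task<AuthenticationResult> TokenForWebAppUserAsync(
        IConfidentialClientApplication app, string authorizationCode)
    {
        return app.AcquireTokenByAuthorizationCode(ApiScopes, authorizationCode)
            .ExecuteAsync();
    }

    // UWP / desktop: sign the user in interactively; no secret is involved.
    // Try the token cache first so the user is not prompted on every call.
    public static async Task<AuthenticationResult> TokenForDeviceUserAsync(
        IPublicClientApplication app)
    {
        var accounts = await app.GetAccountsAsync();
        try
        {
            return await app.AcquireTokenSilent(ApiScopes, accounts.FirstOrDefault())
                .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No cached token (or it needs user interaction to refresh).
            return await app.AcquireTokenInteractive(ApiScopes).ExecuteAsync();
        }
    }
}
```

The practical consequence for the question: the UWP client and the web app should be separate app registrations (or at least the web app's secret must never be copied into the UWP package), because anything embedded in a device-side application must be assumed extractable, and a leaked secret turns a public client into an impersonation of your confidential one.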