The OAuth 2.0 Client Types designation is based on the Authorization Server's definition of secure authentication and its acceptable exposure levels of client credentials. The Authorization Server SHOULD NOT make assumptions about the OAuth 2.0 Client Types.
A OAuth Client may be implemented as a distributed set of components, each with a different client type and security context (e.g., a distributed OAuth Client with both a confidential server-based component and a public browser-based component). If the Authorization Server does not provide support for such OAuth Clients or does not provide guidance with regard to their registration, the OAuth Client SHOULD register each component as a separate OAuth Client.
More Information#There might be more information for this subject on one of the following:
- [#1] - The OAuth 2.0 Authorization Framework-Client Types - based on information obtained 2015-01-15