"Confidential client" for refreshing tokens

According to the docs,

Only “confidential” clients are issued refresh tokens – “public” clients must ask the user to re-authenticate.

and in the link…

Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.

But what does this mean? What are some examples of a confidential client and how do I ‘prove’ to Monzo that I have a confidential server?

I went back to my developer account (Monzo for Developers) and realised that there is a “confidential/non-confidential” setting when you create a client. Other than this setting there doesn’t seem to be anything else required.

1 Like