According to the docs,
Only “confidential” clients are issued refresh tokens – “public” clients must ask the user to re-authenticate.
and in the link…
confidential
Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.
But what does this mean? What are some examples of a confidential client and how do I ‘prove’ to Monzo that I have a confidential server?