Confidential clients authenticate when making requests to the OAuth authorization server.
The core OAuth 2.0 specification defines the "client password" client authentication type, which defines the
client_secret parameter as well as the method of including the client password in the HTTP
There are additional forms of client authentication defined in extensions.
Note: PKCE is not a form of client authentication, and is not an alternative to client authentication. Applications using client authentication should also use PKCE.