RFC 6749 Section 2.3: OAuth 2.0 Client Authentication


Confidential clients authenticate when making requests to the OAuth authorization server.

The core OAuth 2.0 specification defines the "client password" client authentication type, which defines the client_secret parameter as well as the method of including the client password in the HTTP Authorization header.

There are additional forms of client authentication defined in extensions.

More resources