[keycloak-dev] why authenticate clients?

Bill Burke bburke at redhat.com
Fri Mar 7 12:58:23 EST 2014


Okay, I think I've figured out why confidential clients are better. 
A hacker could spoof the login page, obtain client credentials, and in the 
background have a script that performs the login flow.  With a public 
client, the hacker would be able to get the access token as there is no 
protection.  With a confidential client, the hacker would not have the 
client credentials and would not be able to turn a code into a token.
-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
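The difference Bill describes is the client-authentication check at the token endpoint: an authorization code alone is worthless to a confidential client's impersonator unless it also holds the client secret. The following is an added, self-contained simulation (not Keycloak's code, and none of the names in it come from the post) of a minimal token endpoint that issues codes and exchanges them, with a public and a confidential client registered side by side. The `demo()` function plays out the scenario from the message: someone who has phished a user through a fake login page and obtained a code tries to exchange it without the secret.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Client:
    """Registered OAuth client. Confidential clients carry a secret, public ones do not."""
    client_id: str
    confidential: bool
    secret: Optional[str] = None  # only meaningful when confidential is True


@dataclass
class AuthServer:
    """Toy authorization server: issues codes after login, redeems them at a token endpoint."""
    clients: Dict[str, Client] = field(default_factory=dict)
    codes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # code -> (client_id, user)

    def register(self, client: Client) -> None:
        self.clients[client.client_id] = client

    def issue_code(self, client_id: str, user: str) -> str:
        # Called once the user has authenticated on the server's login page.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def exchange_code(self, client_id: str, code: str, client_secret: Optional[str] = None) -> dict:
        """Token endpoint. Authenticate the client first, then redeem the code."""
        client = self.clients.get(client_id)
        if client is None:
            raise PermissionError("invalid_client: unknown client_id")
        if client.confidential:
            # Constant-time comparison so a wrong secret leaks nothing through timing.
            if client_secret is None or not hmac.compare_digest(
                client.secret.encode(), client_secret.encode()
            ):
                raise PermissionError("invalid_client: client authentication failed")
        entry = self.codes.pop(code, None)  # codes are single use
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        issued_to, user = entry
        if issued_to != client_id:
            raise PermissionError("invalid_grant: code was issued to a different client")
        return {"access_token": secrets.token_urlsafe(24), "sub": user}


def try_exchange(server: AuthServer, client_id: str, code: str, secret: Optional[str] = None) -> bool:
    """True if the token endpoint hands out an access token, False if it refuses."""
    try:
        server.exchange_code(client_id, code, secret)
        return True
    except PermissionError:
        return False


def demo() -> Dict[str, bool]:
    """Play out the scenario from the post against both client types."""
    server = AuthServer()
    # Constructed sample clients; the secret is a placeholder value.
    server.register(Client("public-spa", confidential=False))
    server.register(Client("backend-app", confidential=True, secret="s3cr3t-placeholder"))

    # A phished user completes login; the attacker's script ends up holding the code.
    code_public = server.issue_code("public-spa", "alice")
    code_conf = server.issue_code("backend-app", "alice")

    results = {
        # Public client: nothing beyond the code is required, so the code is enough.
        "public_attacker": try_exchange(server, "public-spa", code_public),
        # Confidential client: the attacker has the code but not the client secret.
        "confidential_attacker": try_exchange(server, "backend-app", code_conf),
    }
    # The legitimate backend, which holds the secret, can still redeem the same code.
    results["confidential_legit"] = try_exchange(server, "backend-app", code_conf, "s3cr3t-placeholder")
    return results


if __name__ == "__main__":
    for scenario, got_token in demo().items():
        print(f"{scenario}: {'token issued' if got_token else 'refused'}")
```

The check order matters: client authentication is verified before the code is consumed, so a failed impersonation attempt does not burn the code the real application is about to redeem.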
