About Client Application
This feature allows eGain application to integrate with OAuth client applications. OAuth client applications can be easily managed from within the Administration Console by an administrator with partition permissions.
Client Application Platform Types
When registering a new client application, you must choose a platform type that aligns with your application's environment and security requirements. eGain supports the following client types:
-
Public Client / Native: Applications running on end-user devices, such as mobile or desktop apps, where storing secrets securely is not feasible.
-
Single Page Application (SPA): Browser-based JavaScript apps that run entirely on the client side and also cannot securely store secrets.
-
Web Application: Server-side applications that can securely store secrets and use traditional authorization flows.
The table below outlines key differences between these platform types:
|
Feature |
Public Clients (Native & SPAs) |
Web Applications (Confidential) |
|---|---|---|
|
Environment |
Devices (browsers for SPAs) |
Servers |
|
Secret Storage |
Cannot securely store secrets |
Can securely store secrets |
|
OAuth Flow |
PKCE (for SPAs) |
Authorization Code Flow |
|
Example |
Mobile apps, browser-based apps, SPAs |
Traditional web apps |
|
Security Focus |
Protecting authorization codes without secrets |
Protecting client secrets |
Platform selection is made during the client application creation process in the General tab.
Related Topics