Confidentiality for OAuth Applications
OAuth applications you create for your custom Contentful integrations can now be explicitly marked as confidential. When an OAuth application is confidential, both the "Client ID" and "Client Secret" will be required when requesting a token. (Note: This requirement does not apply to the implicit grant flow, which is the OAuth flow described in Contentful's official documentation.)
This feature is part of a security upgrade that ensures Contentful correctly enforces the confidentiality of client credentials.
- Read about how to create a custom OAuth application for your Contentful integration.
- Manage the confidentiality status of your custom OAuth applications from the Applications page in your user profile.
- Learn more about the distinction between public and confidential clients in the official OAuth 2.0 specification.
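
The rule above, sketched as the check a token endpoint would apply. This is an added example and not Contentful's code; the registry, function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac


def _h(secret: str) -> bytes:
    # Digest used for storage and comparison in this sketch (assumption).
    return hashlib.sha256(secret.encode()).digest()


# Constructed sample registry: one confidential client, one public client.
CLIENTS = {
    "web-backend": {"confidential": True, "secret_hash": _h("s3cr3t-sample")},
    "browser-spa": {"confidential": False, "secret_hash": None},
}


class InvalidClient(Exception):
    """Maps to the OAuth 2.0 `invalid_client` error (RFC 6749, section 5.2)."""


def authenticate_client(form: dict) -> str:
    """Authenticate the client on a token request and return its client_id.

    The implicit grant never reaches this check: its access token is issued
    by the authorization endpoint, so no client secret is involved.
    """
    client_id = form.get("client_id", "")
    client = CLIENTS.get(client_id)
    if client is None:
        raise InvalidClient("unknown client")
    if not client["confidential"]:
        # Public client: it cannot keep a secret, so the ID alone identifies it.
        return client_id
    supplied = form.get("client_secret")
    if not supplied:
        raise InvalidClient("client_secret required for confidential client")
    # Constant-time comparison avoids leaking how much of the secret matched.
    if not hmac.compare_digest(_h(supplied), client["secret_hash"]):
        raise InvalidClient("bad client_secret")
    return client_id


def token_request_allowed(form: dict) -> bool:
    """True when the token request passes client authentication."""
    try:
        authenticate_client(form)
        return True
    except InvalidClient:
        return False
```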
