Update topics/clients/client-oidc.adoc

Stian Thorgersen 2016-06-13 13:46:04 +02:00
parent 317b45068b
commit 9bc1132ff3


@ -59,14 +59,11 @@ If you've ever done a social login to Google, you'll often see a similar page.
This defines the type of the OIDC client. This defines the type of the OIDC client.
_confidential_:: _confidential_::
Confidential access type is for clients that need to perform a browser login and require a client secret when they turn an access code into an access token, Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token,
(see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request] in the OAuth 2.0 spec for more details). The advantage of this is that it is a little extra security. (see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request] in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
Since {{book.project.name}} requires you to register valid redirect-uris, we're not exactly sure what this little extra security is though.
:) The disadvantages of this access type is that confidential access type is pointless for pure JavaScript clients as anybody could easily figure out your client's secret!
_public_:: _public_::
Public access type is for clients that need to perform a browser login and that you feel that the added extra security of confidential access type is not needed. Public access type is for clients that need to perform a browser login
Pure javascript clients are by nature public.
_bearer-only_:: _bearer-only_::
Bearer-only access type means that the application only allows bearer token requests. Bearer-only access type means that the application only allows bearer token requests.
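
Review bot: In the _public_ entry, the new text stops at "need to perform a browser login" with no closing period and no longer says when public is the right choice, while the removed lines were the only place that told readers pure JavaScript clients are public and that anybody could figure out a secret embedded in them. Suggest keeping that guidance in neutral wording, for example "Public access type is for client-side clients that need to perform a browser login. A pure JavaScript client cannot keep a client secret, so it must be public." Separately, in the _confidential_ entry, "server-side clients" in the first sentence and the added "This type should be used for server-side applications." state the same thing twice; one of the two can be dropped.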