diff --git a/topics/clients/client-oidc.adoc b/topics/clients/client-oidc.adoc index f4c5a77fa8..ead50e5f1f 100644 --- a/topics/clients/client-oidc.adoc +++ b/topics/clients/client-oidc.adoc @@ -63,7 +63,7 @@ _confidential_:: (see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request] in the OAuth 2.0 spec for more details). This type should be used for server-side applications. _public_:: - Public access type is for clients that need to perform a browser login + Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client. _bearer-only_:: Bearer-only access type means that the application only allows bearer token requests.
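Review bot: "client-side clients" in the `+` line of the _public_ entry is redundant and clashes with the next sentence, which already says "client-side application". Suggest "Public access type is for client-side applications that need to perform a browser login." so the definition and the sentence after it use the same term. The narrowing from "clients" to client-side ones is what justifies the existing statement that no secret can be kept safe, so the wording should make clear that the redirect URI restriction is what stands in for the secret on this access type.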