What's the benefit of the client secret in OAuth2?
In the OAuth 2.0 "Web Server" flow you are required to have a client secret, whereas in other flows you aren't. I can't find an explicit statement as to why you'd need to have a client secret. Is the benefit that you don't need to re-authenticate the user? What is client secret mechanism?