With respect to OTK, which policy checks if a client type is Public or Confidential?
Layer 7 Management OAuth Toolkit: 4.3.X
The OTK Client Validation policy is the policy where we are checking the client type.
Once a client is registered, using the OTK Manager Client DB GET, we are getting the details of the clients which are registered. For that we are using getAll and storing in a clientstore. Using the result of the clientstore, the OTK Client Validation policy is validating the client type.
We adhere to the rules and principles outlined by OAuth: https://tools.ietf.org/html/rfc6749