[sdk] reorder public and confidential clients (discord#7877)

dyc · web-flow · commit 76ca34c7027b · 2025-10-02T12:41:45.000-05:00
list confidential clients before public, since we recommend the former
diff --git a/docs/discord-social-sdk/core-concepts/oauth2-scopes.mdx b/docs/discord-social-sdk/core-concepts/oauth2-scopes.mdx
@@ -62,12 +62,12 @@ See [available OAuth2 scopes](/docs/topics/oauth2#shared-resources-oauth2-scopes
 
 ## OAuth2 Client Types
 
-OAuth2 has two client types: **Public** and **Confidential**. Most games will not want to ship with **Public Client** enabled.
+OAuth2 has two client types: **Confidential** and **Public**. Most games will not want to ship with **Public Client** enabled.
 
 Some Social SDK methods require your Discord application to be a **Public Client**. These methods also have server-side alternatives that you can use with a **Confidential Client**.
 
-- Public clients cannot securely store client secrets.
 - Using confidential clients with proper secret management for production applications is generally recommended.
+- Public clients cannot securely store client secrets.
 - Your security team should review this setting and authentication flows before releasing your game.
 
 [Learn more about OAuth2 client types](https://oauth.net/2/client-types)
diff --git a/docs/discord-social-sdk/development-guides/account-linking-with-discord.mdx b/docs/discord-social-sdk/development-guides/account-linking-with-discord.mdx
@@ -108,25 +108,6 @@ Once the user approves the request from Step 2, Discord will redirect the user b
 
 #### Token Exchange for Public Clients
 
-<PublicClient />
-
-If your app does not have a backend server, enable `Public Client` in the Discord Developer Portal and use [`Client::GetToken`] to automatically exchange the authorization code for a token.
-
-We will also need the code verifier used to generate the code challenge in Step 1.
-
-```cpp
-client->GetToken(YOUR_DISCORD_APPLICATION_ID, code, codeVerifier.Verifier(), redirectUri,
-  [client](discordpp::ClientResult result,
-    std::string accessToken,
-    std::string refreshToken,
-    discordpp::AuthorizationTokenType tokenType,
-    int32_t expiresIn,
-    std::string scope) {
-    std::cout << "🔓 Access token received! Establishing connection...\n";
-    // Next step: Update the token in the client and connect to Discord
-  });
-```
-
 #### Server-to-Server Get Token Exchange
 
 If your application uses a backend server and does **not** have `Public Client` enabled, you can manually exchange the authorization code for an access token using the Discord API.
@@ -162,6 +143,25 @@ def exchange_code(code, redirect_uri):
 }
 ```
 
+<PublicClient />
+
+If your app does not have a backend server, enable `Public Client` in the Discord Developer Portal and use [`Client::GetToken`] to automatically exchange the authorization code for a token.
+
+We will also need the code verifier used to generate the code challenge in Step 1.
+
+```cpp
+client->GetToken(YOUR_DISCORD_APPLICATION_ID, code, codeVerifier.Verifier(), redirectUri,
+  [client](discordpp::ClientResult result,
+    std::string accessToken,
+    std::string refreshToken,
+    discordpp::AuthorizationTokenType tokenType,
+    int32_t expiresIn,
+    std::string scope) {
+    std::cout << "🔓 Access token received! Establishing connection...\n";
+    // Next step: Update the token in the client and connect to Discord
+  });
+```
+
 ---
 
 ## Working with Tokens
