Hello @Mahmoud Ismael ,
Thanks for reaching out.
There are two different type of client applications supported by Azure AD,
- Confidential client applications
- Public client applications
In case of "Confidential client applications" which require "client_secret" during authentication Example: apps that run on servers (web apps, web API apps, or even service/daemon apps) , but for "Public client applications" "client_secret" doesn't require as these apps that run on devices or desktop computers or in a web browser. They're not trusted to safely keep application secrets, so they only access web APIs on behalf of the user. (They support only public client flows.) Public clients can't hold configuration-time secrets, so they don't have client secrets.
To learn more, refer. Hope this helps.
You can verify "Public client flows" from authentication tag as shown:
---
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.