The section on Authorization Code Flow says:

NMOS Controllers are OAuth 2.0 public clients which means they cannot securely store the Client Secret.

Does the guide also need to cover confidential clients? Or at least mention?