diff --git a/gitea/oauth2.go b/gitea/oauth2.go
index ec1a074..86e2568 100644
--- a/gitea/oauth2.go
+++ b/gitea/oauth2.go
@@ -13,12 +13,13 @@ import (
 
 // Oauth2 represents an Oauth2 Application
 type Oauth2 struct {
-	ID           int64     `json:"id"`
-	Name         string    `json:"name"`
-	ClientID     string    `json:"client_id"`
-	ClientSecret string    `json:"client_secret"`
-	RedirectURIs []string  `json:"redirect_uris"`
-	Created      time.Time `json:"created"`
+	ID                 int64     `json:"id"`
+	Name               string    `json:"name"`
+	ClientID           string    `json:"client_id"`
+	ClientSecret       string    `json:"client_secret"`
+	RedirectURIs       []string  `json:"redirect_uris"`
+	ConfidentialClient bool      `json:"confidential_client"`
+	Created            time.Time `json:"created"`
 }
 
 // ListOauth2Option for listing Oauth2 Applications
@@ -29,8 +30,8 @@ type ListOauth2Option struct {
 // CreateOauth2Option required options for creating an Application
 type CreateOauth2Option struct {
 	Name               string   `json:"name"`
-	RedirectURIs       []string `json:"redirect_uris"`
 	ConfidentialClient bool     `json:"confidential_client"`
+	RedirectURIs       []string `json:"redirect_uris"`
 }
 
 // CreateOauth2 create an Oauth2 Application and returns a completed Oauth2 object.
diff --git a/gitea/oauth2_test.go b/gitea/oauth2_test.go
index e18c760..c3641eb 100644
--- a/gitea/oauth2_test.go
+++ b/gitea/oauth2_test.go
@@ -18,27 +18,62 @@ func TestOauth2(t *testing.T) {
 	user := createTestUser(t, "oauth2_user", c)
 	c.SetSudo(user.UserName)
 
-	newApp, _, err := c.CreateOauth2(CreateOauth2Option{Name: "test", RedirectURIs: []string{"http://test/test"}})
-	assert.NoError(t, err)
-	assert.NotNil(t, newApp)
-	assert.EqualValues(t, "test", newApp.Name)
+	type test struct {
+		name               string
+		confidentialClient *bool
+	}
+	boolTrue := true
+	boolFalse := false
 
-	a, _, err := c.ListOauth2(ListOauth2Option{})
-	assert.NoError(t, err)
-	assert.Len(t, a, 1)
-	assert.EqualValues(t, newApp.Name, a[0].Name)
+	testCases := []test{
+		{"ConfidentialClient unset should fallback to false", nil},
+		{"ConfidentialClient true", &boolTrue},
+		{"ConfidentialClient false", &boolFalse},
+	}
 
-	b, _, err := c.GetOauth2(newApp.ID)
-	assert.NoError(t, err)
-	assert.EqualValues(t, newApp.Name, b.Name)
+	for _, testCase := range testCases {
+		createOptions := CreateOauth2Option{
+			Name:         "test",
+			RedirectURIs: []string{"http://test/test"},
+		}
+		if testCase.confidentialClient != nil {
+			createOptions.ConfidentialClient = *testCase.confidentialClient
+		}
 
-	b, _, err = c.UpdateOauth2(newApp.ID, CreateOauth2Option{Name: newApp.Name, RedirectURIs: []string{"https://test/login"}})
-	assert.NoError(t, err)
-	assert.EqualValues(t, newApp.Name, b.Name)
-	assert.EqualValues(t, "https://test/login", b.RedirectURIs[0])
-	assert.EqualValues(t, newApp.ID, b.ID)
-	assert.NotEqual(t, newApp.ClientSecret, b.ClientSecret)
+		newApp, _, err := c.CreateOauth2(createOptions)
+		assert.NoError(t, err, testCase.name)
+		assert.NotNil(t, newApp, testCase.name)
+		assert.EqualValues(t, "test", newApp.Name, testCase.name)
+		if testCase.confidentialClient != nil {
+			assert.EqualValues(t, *testCase.confidentialClient, newApp.ConfidentialClient, testCase.name)
+		} else {
+			assert.EqualValues(t, false, newApp.ConfidentialClient, testCase.name)
+		}
 
-	_, err = c.DeleteOauth2(newApp.ID)
-	assert.NoError(t, err)
+		a, _, err := c.ListOauth2(ListOauth2Option{})
+		assert.NoError(t, err, testCase.name)
+		assert.Len(t, a, 1, testCase.name)
+		assert.EqualValues(t, newApp.Name, a[0].Name, testCase.name)
+		assert.EqualValues(t, newApp.ConfidentialClient, a[0].ConfidentialClient, testCase.name)
+
+		b, _, err := c.GetOauth2(newApp.ID)
+		assert.NoError(t, err, testCase.name)
+		assert.EqualValues(t, newApp.Name, b.Name, testCase.name)
+		assert.EqualValues(t, newApp.ConfidentialClient, b.ConfidentialClient, testCase.name)
+
+		b, _, err = c.UpdateOauth2(newApp.ID, CreateOauth2Option{
+			Name:               newApp.Name,
+			ConfidentialClient: !newApp.ConfidentialClient,
+			RedirectURIs:       []string{"https://test/login"},
+		})
+		assert.NoError(t, err, testCase.name)
+		assert.EqualValues(t, newApp.Name, b.Name, testCase.name)
+		assert.EqualValues(t, "https://test/login", b.RedirectURIs[0], testCase.name)
+		assert.EqualValues(t, newApp.ID, b.ID, testCase.name)
+		assert.NotEqual(t, newApp.ClientSecret, b.ClientSecret, testCase.name)
+		assert.NotEqual(t, newApp.ConfidentialClient, b.ConfidentialClient, testCase.name)
+
+		_, err = c.DeleteOauth2(newApp.ID)
+		assert.NoError(t, err, testCase.name)
+	}
 }