A public client is an application that cannot securely store credentials or secrets, often because it runs on end-user devices or in environments where its code is exposed, such as mobile apps or browser-based applications. Public clients therefore have to use authorization flows that do not rely on a client secret, such as OAuth 2.0's implicit flow or the authorization code flow with PKCE, to obtain access to resources securely.
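The PKCE exchange mentioned above, as an added example that is not part of the original page: the client proves possession of a per-request verifier instead of a stored secret. `AuthServer` and its methods are hypothetical in-memory stand-ins for an authorization server; the S256 transform follows RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data):
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256(code_verifier):
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("utf-8")).digest())


def new_pkce_pair():
    """Client side: fresh verifier for each authorization request."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars (allowed: 43..128)
    return verifier, s256(verifier)


class AuthServer:
    """Hypothetical in-memory authorization server (illustration only)."""

    def __init__(self):
        self._codes = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge):
        # Authorization request: bind the challenge to the issued code.
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code

    def token(self, code, code_verifier):
        # Token request: the code is single use and no client secret is sent.
        challenge = self._codes.pop(code, None)
        if challenge is None or not 43 <= len(code_verifier) <= 128:
            return False
        return hmac.compare_digest(s256(code_verifier), challenge)


if __name__ == "__main__":
    server = AuthServer()
    verifier, challenge = new_pkce_pair()
    print("legitimate client:", server.token(server.authorize(challenge), verifier))
    stolen_code = server.authorize(challenge)  # code intercepted on redirect
    print("code without verifier:", server.token(stolen_code, "A" * 43))
```

An authorization code intercepted on the redirect is useless without the verifier, which never leaves the client until the token request.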