Proof Key for Code Exchange (PKCE) should be implemented wherever possible, as it protects against bad actors intercepting the authorization code and using it to retrieve a token fraudulently.
PKCE should especially be implemented in native apps and in single-page applications that initiate OAuth requests client-side, as storing your Client Secret in application source code may expose it if the app is decompiled.