10 Matching Annotations
- Nov 2022
-
www.taniarascia.com
-
www.jvt.me
-
Proof of Key Code Exchange is an OAuth2 extension that has recently been adopted as the standard for both OAuth 2.1 and IndieAuth, and provides additional security for attacks on the Authorization Code flow.
-
developer.okta.com
-
Here’s what this flow looks like:
-
the OAuth 2.0 grant type, Authorization Code Flow with Proof Key for Code Exchange (PKCE).
-
frontegg.com
-
auth0.com
-
If the Client is a Single-Page App (SPA), an application running in a browser using a scripting language like JavaScript, there are two grant options: the Authorization Code Flow with Proof Key for Code Exchange (PKCE) and the Implicit Flow with Form Post. For most cases, we recommend using the Authorization Code Flow with PKCE because the Access Token is not exposed on the client side, and this flow can return Refresh Tokens.
-
Which OAuth 2.0 Flow Should I Use?
-
If the Client is a regular web app executing on a server, then the Authorization Code Flow is the flow you should use. Using this the Client can retrieve an Access Token and, optionally, a Refresh Token.
-