oidc

OAuth 2.0 Authorization Code with PKCE for public clients

For browser and mobile clients, PKCE closes an important hole in the classic authorization code flow. I use it by default with public clients, require exact redirect URI matching, and keep token exchange on TLS only. This is one of those cases where t
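
The three controls named above (PKCE, exact redirect URI matching, TLS-only token exchange) as an added Python example; it is not code from the original post. It models the authorization server side in memory and uses the S256 method from RFC 7636. The client ID, URLs, function names and the `endpoint_url` parameter are assumptions made for illustration, and the single-use code check is an addition the post does not mention.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlsplit

# Constructed client registration (hypothetical values for the demo).
REGISTERED_REDIRECTS = {"demo-spa": {"https://app.example.test/callback"}}
_codes = {}  # authorization code -> (client_id, redirect_uri, code_challenge)

def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Client side: fresh high-entropy verifier and its S256 challenge."""
    verifier = secrets.token_urlsafe(32)  # 43 chars, inside the 43-128 range
    return verifier, s256(verifier)

def authorize(client_id, redirect_uri, code_challenge, method):
    """Authorization endpoint: bind the code to the challenge and redirect URI."""
    # Exact string comparison: no prefix, wildcard or normalisation matching.
    if redirect_uri not in REGISTERED_REDIRECTS.get(client_id, ()):
        raise ValueError("redirect_uri is not an exact match")
    if method != "S256" or not code_challenge:
        raise ValueError("PKCE with S256 is required")
    code = secrets.token_urlsafe(24)
    _codes[code] = (client_id, redirect_uri, code_challenge)
    return code

def exchange(endpoint_url, client_id, redirect_uri, code, code_verifier):
    """Token endpoint: TLS only, single-use code, verifier must match."""
    # endpoint_url stands in for the listener's scheme (assumption for the demo).
    if urlsplit(endpoint_url).scheme != "https":
        raise ValueError("token exchange requires TLS")
    binding = _codes.pop(code, None)  # pop makes the code single use
    if binding is None:
        raise ValueError("unknown or already used code")
    bound_client, bound_redirect, challenge = binding
    if (client_id, redirect_uri) != (bound_client, bound_redirect):
        raise ValueError("client or redirect_uri mismatch")
    if not hmac.compare_digest(s256(code_verifier), challenge):
        raise ValueError("PKCE verification failed")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```

A code obtained without the matching `code_verifier` is rejected at `exchange`, and because the failed attempt consumes the code it cannot be retried.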