BCP for public UA clients:
• use the authorization code flow
• omit client secret
• strict redirect URI validation
Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps
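
One way an authorization server can implement the "strict redirect URI validation" item, as an added example (not code from the linked article). The client id, URIs and function names are constructed for illustration; a prefix check is shown beside the exact-match check for contrast.

```javascript
// Constructed registration table: client_id -> exact redirect URIs registered up front.
const REGISTERED = new Map([
  ['spa-client', ['https://app.example.com/callback']],
]);

// Weak check, shown for contrast: accepts anything that starts with a registered URI.
function looseMatch(clientId, requested) {
  const uris = REGISTERED.get(clientId) || [];
  return uris.some((u) => String(requested).startsWith(u));
}

// Strict check: simple string equality with a registered URI, no normalisation,
// no prefix or wildcard matching. Unknown clients and non-strings are rejected.
function strictMatch(clientId, requested) {
  if (typeof requested !== 'string') return false;
  const uris = REGISTERED.get(clientId);
  if (!uris || !uris.includes(requested)) return false;
  // Sanity checks on the registered value itself: https only, no fragment, no userinfo.
  let parsed;
  try { parsed = new URL(requested); } catch { return false; }
  return parsed.protocol === 'https:' && parsed.hash === '' &&
         parsed.username === '' && parsed.password === '';
}

// Constructed sample requests for the same client.
const SAMPLES = [
  'https://app.example.com/callback',
  'https://app.example.com/callback/../other',
  'https://app.example.com/callback?next=https://other.example/',
  'https://app.example.com/callback#fragment',
  'https://APP.example.com/callback',
];

// Returns one row per sample with the verdict of each check.
function compare(clientId, samples) {
  return samples.map((uri) => ({
    uri,
    loose: looseMatch(clientId, uri),
    strict: strictMatch(clientId, uri),
  }));
}

console.table(compare('spa-client', SAMPLES));
```

Only the first sample passes the strict check; the prefix check also accepts the three variants that extend the registered value.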