Nope because PKCE solves the problem of the thing being stolen ... • Aaron Parecki

80°F

alianora https://cybre.space/@nightpool • May 2
@aaronpk isn't the section you linked to just as much of a concern under the authorization code flow as the implicit flow? since javascript clients are public clients no matter what?

Nope because PKCE solves the problem of the thing being stolen during the redirect.

San Jose, California • 49°F

Thu, May 2, 2019 3:39pm -07:00

1 reply
Have you written a response to this? Let me know the URL:
- alianora cybre.space/@nightpool
  
  @aaronpk huh? But the redirect_uri is controlled by the same person who controls the code_challenge
  
  Thu, May 2, 2019 10:48pm +00:00

Posted in /replies using monocle.p3k.io