I totally agree, this error message makes no sense. I'm going ... • Aaron Parecki

45°F

Brock Allen https://twitter.com/BrockLAllen • Feb 25
Arguably, tho, PKCE and putting a client secret into a SPA are orthogonal. It's conflating two things that work differently. Poor devs can't understand those differences.

The error should be "we see you sent a client secret and an Origin header. is your client a SPA?"

I totally agree, this error message makes no sense. I'm going to file a ticket tomorrow internally to fix it.

Portland, Oregon, USA • 33°F

Thu, Feb 24, 2022 7:18pm -08:00

Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io