“OAuth 2 Detailed Explanation (6): Authorization Code Flow with PKCE”

We learned earlier that the `Authorization Code` mode is the safest mode, but it requires a server to be involved, because the `client_secret` is only safe when it is stored on the server side. OAuth 2.0 defines an extension in [RFC7636](https://ift.tt/aV63EmA) in which the client does not need to use a `client_secret`; this is PKCE, whose full name is Proof Key for Code Exchange. So how should we understand this? Simply put, we are still…
This article is reprinted from https://jiajunhuang.com/articles/2022_10_12-oauth2_explained_authorization_code_pkce.md.html