undefined | Better HN

0 pointsmooreds5y ago0 comments

The best practice for native apps is to use PKCE now, I believe.

See section 4.1.1 of the OAuth 2.1.1 spec ( https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00 ) which was, I believe also included in the security best practices.

0 comments

will42745y ago

While that's true, it's irrelevant to my comment. PKCE is layered on top of the either of the two strategies I described and solves a totally different problem (untrustworthy user agents).

j / k navigate · click thread line to collapse

0 pointsmooreds5y ago0 comments

The best practice for native apps is to use PKCE now, I believe.

See section 4.1.1 of the OAuth 2.1.1 spec ( https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00 ) which was, I believe also included in the security best practices.

0 comments

will42745y ago

While that's true, it's irrelevant to my comment. PKCE is layered on top of the either of the two strategies I described and solves a totally different problem (untrustworthy user agents).

j / k navigate · click thread line to collapse