PKCE replaces the client secret used in the standard Authorization Code flow with a one-time code challenge. This means the client app doesn’t have to store a client secret.
https://web-in-security.blogspot.com/2017/01/pkce-what-cannot-be-protected.html