DEV Community


Discussion on: OpenID Connect, SPA and backend APIs - Authentication in modern web applications

tlodderstedt profile image
Torsten Lodderstedt

Thanks for the interesting writeup. One note: you mentioned would follow the new OAuth guidelines, which is great! However, I think you use the code grant type with PKCE and not PKCE alone.

pjeziorowski profile image
Patryk Jeziorowski Author

You're welcome:) Good catch, you're right. It's the default when you use Auth0's client lib for SPAs.