Entirely agree and we recommend using Auth Code+PKCE whenever possible. This post is intended to be the first of a few starting with the base spec. In the next one, I plan to go over the RFCs for JWT, Revocation, Inspection, PKCE, the AppAuth pattern, and probably a few others.
Entirely agree and we recommend using Auth Code+PKCE whenever possible. This post is intended to be the first of a few starting with the base spec. In the next one, I plan to go over the RFCs for JWT, Revocation, Inspection, PKCE, the AppAuth pattern, and probably a few others.
Thanks for the note though.