|
|
|
|
|
|
by whatusername
1144 days ago
|
|
|
So make sure you are doing PKCE for public clients. With that, and the redirect URL (and therefore trusting DNS), and the other browser security model stuff…. You’re in fairly good shape. There’s newer standards coming like DPoP - but it’s probably not worth it yet. |
|
|