by ximm
173 days ago
I also think these are very similar. The main difference in my view is that the state parameter is checked by the client, while PKCE is checked by the server. I run an authentication server and requiring PKCE allows me to make sure that XSS protection is handled for all clients.
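The split described in the comment above, as an added example that is not part of the original comment: a toy authorization server that requires PKCE (S256, RFC 7636) on every request, next to a client that checks `state` itself. `AuthServer`, `Client` and `demo` are hypothetical names and the flow is reduced to in-memory calls.

```python
import base64, hashlib, hmac, secrets

def s256(verifier: str) -> str:
    # RFC 7636: code_challenge = BASE64URL(SHA256(code_verifier)), no padding
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthServer:
    """Hypothetical server: the PKCE check happens here, for every client."""
    def __init__(self):
        self._codes = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge=None, method=None):
        if not code_challenge or method != "S256":
            raise ValueError("invalid_request")  # PKCE is mandatory
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code

    def token(self, code, code_verifier=None):
        challenge = self._codes.pop(code, None)  # codes are single use
        if challenge is None or not code_verifier:
            raise ValueError("invalid_grant")
        if not hmac.compare_digest(s256(code_verifier), challenge):
            raise ValueError("invalid_grant")
        return "access-token-" + secrets.token_urlsafe(8)

class Client:
    """Hypothetical client: the state check happens here, if implemented."""
    def start(self):
        self.state = secrets.token_urlsafe(16)
        self.verifier = secrets.token_urlsafe(48)  # 64 chars, within 43..128
        return self.state, s256(self.verifier)

    def callback_ok(self, returned_state):
        return hmac.compare_digest(returned_state, self.state)

def demo():
    server, a, b = AuthServer(), Client(), Client()
    state_a, chal_a = a.start()
    _, chal_b = b.start()
    code_b = server.authorize(chal_b, "S256")  # code bound to flow b
    out = {"state_check": a.callback_ok("not-" + state_a)}
    try:
        server.token(code_b, a.verifier)  # flow a redeems flow b's code
        out["mismatched_code"] = "accepted"
    except ValueError as err:
        out["mismatched_code"] = str(err)
    code_a = server.authorize(chal_a, "S256")
    out["matching_code"] = server.token(code_a, a.verifier).startswith("access-token-")
    return out
```

The server rejects the mismatched code whether or not the client ever calls `callback_ok`, which is the property the comment relies on.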