by emadda
170 days ago
PKCE protects the auth token from interception by making it so that only your code that started the flow can redeem it by proving they have the secret code_verifier on the redeem_token() call. The code_challenge == sha256(code_verifier). You will share the code_challenge at the start of the flow.
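An added example, not part of emadda's comment: a toy in-memory authorization server showing the verifier check at redemption and why an intercepted code alone is useless. `AuthServer`, `authorize` and `demo` are hypothetical names; the challenge uses the S256 encoding from RFC 7636 (base64url of the SHA-256 digest, padding stripped).

```python
import base64
import hashlib
import hmac
import secrets


def s256(code_verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthServer:
    """Hypothetical in-memory authorization server, for illustration only."""

    def __init__(self):
        self._pending = {}  # authorization code -> code_challenge bound to it

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        # Start of the flow: only the challenge is shared, never the verifier.
        if method != "S256":
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def redeem_token(self, code: str, code_verifier: str):
        # pop() makes the code single use, even when the attempt fails.
        challenge = self._pending.pop(code, None)
        if challenge is None:
            return None
        # Constant-time comparison of the recomputed challenge.
        if not hmac.compare_digest(s256(code_verifier), challenge):
            return None
        return secrets.token_urlsafe(32)  # constructed stand-in for a token


def demo():
    server = AuthServer()
    verifier = secrets.token_urlsafe(32)  # 43 chars, within the 43-128 range
    # A party holding only the intercepted code has no verifier to present.
    code = server.authorize(s256(verifier))
    intercepted = server.redeem_token(code, secrets.token_urlsafe(32))
    # The client that started the flow redeems successfully, once.
    code = server.authorize(s256(verifier))
    token = server.redeem_token(code, verifier)
    replay = server.redeem_token(code, verifier)
    return intercepted, token, replay
```
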