Encrypting Identity Tokens in IdentityServer4

added by DotNetKicks
4/10/2019 12:44:15 PM

1 Kicks, 120 Views

I previously wrote an article on how to use Proof-Key for Code Exchange (PKCE) in a server-side ASP.NET Core application. In the IdentityServer world authorization code with PKCE now replaces OpenID Connect's (OIDC) hybrid flow as our most secure authorization method; however, not all client libraries or even OpenID Providers support PKCE yet.