Client Authentication vs. PKCE: Do you need both?

added by DotNetKicks
6/1/2021 4:20:32 PM

739 Views

Recently, I have received questions asking if Proof-Key for Code Exchange (PKCE) is a replacement for OAuth client authentication and, if so, why do my articles still use a client secret for server-side applications? Is PKCE a replacement for client authentication? The short answer is: no. Should you still use client authentication were possible?


0 comments