Hi Albin,
Are you writing both the client and the server or writing client code to
auth against a standard server? Unless you are writing the auth server
code, using a library would be the best way to simplify.
Thanks
Naveen
On Fri, Feb 28, 2020 at 7:48 AM Albin Nilsson wrote:
> Hello,
>
> I'
> On Feb 28, 2020, at 8:46 AM, Albin Nilsson wrote:
>
> Hello,
>
> I'm having some trouble with OAuth and the Authorization Code flow and PKCE.
> How can I get a refresh token? The refresh token flow requires a
> client_secret, but PKCE prohibits client_secret. Is refresh token a no go?
PKC
Hi Albin,
It’s important to note that PKCE does explicitly prohibit
client_secret, just offers a secure way of obtaining an access token
when it’s impossible for a client_secret to be kept secret, as would
be the case with a mobile application. The type of attack it prevents
against is during the
Hello,
I'm having some trouble with OAuth and the Authorization Code flow and
PKCE. How can I get a refresh token? The refresh token flow requires a
client_secret, but PKCE prohibits client_secret. Is refresh token a no go?
Kind regards,
Albin