Quote of the Day

more Quotes

Categories

Recent Posts

Top Posts

Get notified of new posts

Buy me coffee

  • Home>
  • authorization code grant with PKCE
Tag Archives for " authorization code grant with PKCE "

Obtain access token via authorization code grant with PKCE in angular using oidc-client-js and Microsoft Identity Platform.

Published April 13, 2020 in Angular , Azure , Azure Active Directory , OAuth2 , OpenID Connect , security - 2 Comments

Recently, I learned about why implicit flow is not secure because of exposing the access token in the browser. Authorization code grant with PKCE is more secure and should be preferred over implicit flow for protecting a public application which cannot keep the client secret secure. The good new is if you already use oidc-client-js and get tokens from azure ad via implicit flow, the changes you have to make to use authorization code flow with PKCE are minimal. In this post, I show what you need to change to use authorization code grant with PKCE.

Continue reading

Tags: authorization code , authorization code grant with PKCE , Microsoft Identity Platform , msal.js , oidc-client-js