Why doesn't PKCE help for authentication?

Warren Parad
Founder, CTO
Secure your user data and complete your authorization architecture. Implement Authress <https://authress.io>.

On Sun, Feb 14, 2021 at 2:48 PM Stoycho Sleptsov <[email protected]> wrote:

> I would like to add my reasons about the "Why are developers creating BFF
> for their frontends to communicate with an AS",
> with the objective to verify if they are valid.
>
> I need the client app. to be authenticated at the AS (to determine if it
> is a first-party app., for example).
> If we decide to implement our client as a frontend SPA, then we have no
> other option except through a BFF, as PKCE does not help for authentication.
>
> Or is it considered a bad practice to do that?
>
> Regards,
> Stoycho.
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
