Torsten Lodderstedt
Nov 1 · 1 min read

Thanks. PKCE is not an alternative to code. PKCE is an addition to the code flow to prevent code replay and it is recommended by the OAuth 2.0 Security Guidelines (https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1).

OAuth 2

Learnings, Patterns and Ideas around use of OAuth 2.0

Written by Torsten Lodderstedt

Torsten is CTO@yes.com, software architect with strong security interest, identity nerd, contributor to OAuth, OpenID, Open Banking & Electronic Signatures
