Developing a Backend App with OAuth2

Backend driven apps can keep secrets private and may therefor use the client_secret to retrieve refresh_tokens without using PKCE, although using PKCE additionally is suggested.

Last updated