Developing a web or native App with OAuth2 and PKCE

Single page web applications or native apps cannot keep their client secrets private and are therefor called public clients. For such cases the client secret can be omitted by relying on PKCE.

Last updated