re: OpenID Connect, SPA and backend APIs - Authentication in modern web applications VIEW POST


Thanks for the interesting writeup. One note: you mentioned would follow the new OAuth guidelines, which is great! However, I think you use the code grant type with PKCE and not PKCE alone.


You're welcome:) Good catch, you're right. It's the default when you use Auth0's client lib for SPAs.

code of conduct - report abuse