
Authorization Extension and Non-Interactive Clients


#1

In reading the docs, I have got myself confused on the conditions for the Authorization Extension. The documents for PKCE use the Non Interactive Client. But in the documents for the Authorization Extension, it is explicitly pointed out that the Non Interactive Client is not supported. For the Mobile+API example that we initially followed, the Native client is suggested. Is there a recommendation on what client type to use for an iOS App that wants to use PKCE? Should Authorization Extension NOT be used with PKCE?


#2

The client type for an iOS application should be Native and going for this would have settings by default that would be applicable for the PKCE flow (the recommendation for native applications).

In addition, the authorization extension manages groups, roles, permissions for end-users so it’s not applicable for a client credentials flow because on that flow there is no notion of an end-user. However, since the PKCE is an end-user based flow then the authorization extension could be applicable as there would indeed be an end-user associated with the authentication flow.
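
The difference between the two flows discussed above, as an added example that is not part of the original posts: the PKCE requests carry a per-login verifier and an authorization code issued after a user signs in, while the client credentials request carries only the client's own secret. The domain, client ID, redirect URI and audience are placeholders, and `server_accepts` is a hypothetical stand-in for the check the authorization server performs.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    # Base64url without padding, as RFC 7636 requires.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    # 32 random bytes give a 43-character verifier (RFC 7636 allows 43-128).
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(domain, client_id, redirect_uri, audience, verifier, state):
    # Step 1 (Native client): send the end-user to log in; only the challenge leaves the app.
    return f"https://{domain}/authorize?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "audience": audience, "state": state,
        "code_challenge": s256_challenge(verifier), "code_challenge_method": "S256",
    })

def pkce_token_request(client_id, code, redirect_uri, verifier) -> dict:
    # Step 2 (Native client): no client_secret, the verifier proves possession instead.
    return {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": redirect_uri, "code_verifier": verifier}

def client_credentials_request(client_id, client_secret, audience) -> dict:
    # Non Interactive client: the client authenticates as itself; no code, no user login.
    return {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "audience": audience}

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # Hypothetical server-side check: recompute the challenge, compare in constant time.
    return hmac.compare_digest(stored_challenge, s256_challenge(presented_verifier))

if __name__ == "__main__":
    verifier = new_code_verifier()
    # All values below are placeholders constructed for this example.
    print(authorize_url("YOUR_DOMAIN.auth0.com", "NATIVE_CLIENT_ID",
                        "com.example.app://callback", "https://api.example.com",
                        verifier, state=secrets.token_urlsafe(16)))
    print(pkce_token_request("NATIVE_CLIENT_ID", "CODE_FROM_REDIRECT",
                             "com.example.app://callback", verifier))
    print(client_credentials_request("M2M_CLIENT_ID", "M2M_SECRET",
                                     "https://api.example.com"))
```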


#3