Auth0 Home Blog Docs

Authorization for native applications using PKCE



Hi, I have created a command line utility which uses the PKCE flow to obtain an access token. Now I noticed that the native application can request access to any API and request any scope.

How can I limit access to APIs and scopes for native applications?




The following (from @john.gateley) might be useful. CLI with PKCE, uses a rule to control CLI access: