Difference between sending OAuth codes and jwt tokens in URL query security

tyf · May 10, 2023, 12:42am

Hey there @iKingNinja welcome to the community!

Neither of these flows (Authorization code nor Implicit) are considered best practice for public applications (SPA, Native) - Authorization code with PKCE is preferred for the very reason you mention, exposing codes/tokens in a url.

Topic		Replies	Views
How to Securely Pass a JWT in the URL Query Parameters of a GET Request Knowledge Articles jwt , url , query-parameters , get	1	29662	July 6, 2021
How access token is not exposed on the client side? Get Help configuration , application	2	234	June 20, 2024
Using two JWT tokens for websockets Get Help jwt , auth0	1	4082	August 9, 2020
JWT.IO Devs - can you make available a query string so we can send a JWT as part of the page request? JWT.io	2	4876	August 28, 2019
Pass JWT token to frontend Get Help token , jwt , bearer-token , token-url , j	4	7579	March 2, 2018