I am new to auth0, reading docs I see the need for PKCE in single page APP and I am curious to know If regular web app can also use PKCE by making Token Endpoint Authentication Method to None?
Hi there @karthik.jeeva !
While I believe technically possible, none of our regular web app specific SDKs support PKCE - The primary reason being that typically the client is confidential (server side) and can thus store a client secret appropriately. A securely stored client secret is generally considered a better option.
Hope this helps to clarify!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.