Is it possible to use PKCE authorization code flow for regular web app?

I am new to auth0, reading docs I see the need for PKCE in single page APP and I am curious to know If regular web app can also use PKCE by making Token Endpoint Authentication Method to None?

Hi there @karthik.jeeva !

While I believe technically possible, none of our regular web app specific SDKs support PKCE - The primary reason being that typically the client is confidential (server side) and can thus store a client secret appropriately. A securely stored client secret is generally considered a better option.

Hope this helps to clarify!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.