Can I get some clarification on the following?
I have an Android native client. Initially I did a POC with embedded Lock for authentication. By the time I got around to wanting to flesh out my logon/token/refresh life cycle, the recommendations had changed to browser-based authentication as per this link:
So I used the Auth0 Android SDK for Java and implemented as directed; this is now working pretty much exactly how I want in my client.
But I see now the recommendation is for PKCE grant-type authentication when using native mobile to then access an API as per these two links:
saying this is more secure.
So should I switch to PKCE or remain as per the previous best practice? What is the better approach to take?