From the course: Web Security: OAuth and OpenID Connect
When should you use PKCE? - OAuth Tutorial
- [Instructor] Now, when do we use the authorization code flow as PKCE or simply Pixy? If we go back to the decision tree from our grant type video, we have the same three questions as always. First, do we have a user involved? And yes, we do, which means we can also use this grant type for OpenID Connect in addition to basic OAuth. Next, we need to have a browser available in the system we're using. This isn't for simple smart devices or things like that. Finally, our app will have a client-side component. Therefore, Pixy is ideal for mobile apps or single-page apps. Or to put it another way, if you ever see the hybrid grant type or implicit grant type in any sort of guidance, documentation, or et cetera, you probably want to use Pixy instead. Those were the old ways of doing things before we had this additional extension. Now, most people will also want to consider this for smart devices, like an Xbox. At first…