[Openid-specs-ab] Best practices for native+server client
Nat Sakimura
sakimura at gmail.com
Mon Jul 22 16:38:05 UTC 2019
So do you think it is a good idea to codify it in a short spec?
I have seen too many of bad patterns lately :-(
On Mon, Jul 22, 2019 at 10:10 AM Torsten Lodderstedt
<torsten at lodderstedt.net> wrote:
>
>
>
> > On 20. Jul 2019, at 21:03, Nat Sakimura via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> >
> > An app sending a PKCE request and getting back the code that is being sent to the server with the code verifier that are used by the server component to obtain ID Token feels a bit better.
>
> I agree.
>
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
More information about the Openid-specs-ab
mailing list