From the course: Web Security: OAuth and OpenID Connect (2019)
Build an example: Native app or SPA
Now that we've built the normal authorization code flow, let's use PKCE to see how it's different. Now just like the normal OAuth code flow, this requires a browser. But in order to show the individual steps, I've used OAuth.com's OAuth Playground. Scroll down here and click on OAuth Playground. That's because, as I noted in the overview, there are quite a few steps to apply to perform the proof key and code verifier steps properly. It's easy to make mistakes here. So, please don't build this on your own. I do this for a living and I don't build my own either. First, we need a client configuration. So we can click here, and we can view our registration information. If you're doing this lesson immediately after the authorization code flow, you may already have a client ID and user account set aside. If you do, that's great. You'll need those again. Otherwise, go ahead and generate a new one. And let's copy and paste this…
Contents
- Overview: Authorization code flow (1m 37s)
- When should I use this? (1m 4s)
- PKCE Overview (1m 54s)
- When should I use PKCE? (1m 22s)
- Build an example: Web app or Postman (4m 31s)
- Build an example: Native app or SPA (2m 38s)
- Security considerations (2m 15s)