You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PKCE is very useful, especially for clients that don't have a client secret, which is all IndieAuth clients. We should include this in the spec so that every IndieAuth client and server does PKCE by default.
The text was updated successfully, but these errors were encountered:
For backwards compatibility, IndieAuth servers will need to support non-PKCE clients. If the auth code request contains a code_challenge then the token request MUST include code_verifier. If the auth code request does not contain code_challenge, the token request MUST NOT include a code_verifier.
PKCE is very useful, especially for clients that don't have a client secret, which is all IndieAuth clients. We should include this in the spec so that every IndieAuth client and server does PKCE by default.
The text was updated successfully, but these errors were encountered: