2018-08-08 UTC
# Zegnat I was mainly wondering if it isn’t a better client_secret than client_secret is. Because with client_secret, if the malicious party can access the HTTP messages, they might be able to just read it from your first request. While with code_challenge, if the malicious party reads it they will still need to find the original code_verifier value to make use of it.