Skip to main content

How to work with Authorization Code Flow with PKCE in any Environment with the help of API?

The Authorization Code Flow + Proof Key for Code Exchange (PKCE) is an OpenId Connect flow specifically designed to authenticate native or mobile application users. It is barely describable in a few sentences, we try, but at this point we want to link to the documentation.

Note: This flow is considered the best practice when using Single Page Apps (SPA) or Mobile Apps.The primary difference between the PKCE flow and the standard Authorization Code flow is that users aren’t required to provide a client_secret. PKCE reduces security risks for native apps, as embedded secrets aren’t required in the source code. This minimizes the exposure to reverse engineering security threats.

For more detailed information on this, do visit our documentation.

Need Support?

Please contact us directly on our support page