OAuth Sketch Notes - Live Q&A

Why do we need PKCE in OAuth? How does PKCE work? What’s the difference between the front channel and back channel? Can SPAs even use a back channel?

These are just a few of the things we talked about during this sketch notes livestream! Developer advocates Lee Brandt and Aaron Parecki discuss PKCE, cross-site scripting, OAuth vs OpenID Connect and more, all while David Neal sketched notes live!

Some of the other topics covered include the differences and tradeoffs between embedded or redirect based login flows, how passwordless login works in relation to OAuth, and how sending data in the front channel is like using a package delivery service.

Check out the completed sketch notes below!

OAuth Q&A Sketch Notes

We are always posting new content. If you like this content, be sure to follow us on Twitter, subscribe to our YouTube Channel, and follow us on Twitch.

Aaron Parecki is a Senior Security Architect at Okta. He is the author of OAuth 2.0 Simplified, and maintains oauth.net. He regularly writes and gives talks about OAuth and online security. He is an editor of several internet specs, and is the co-founder of IndieWebCamp, a conference focusing on data ownership and online identity. Aaron has spoken at conferences around the world about OAuth, data ownership, quantified self, and home automation, and his work has been featured in Wired, Fast Company and more.