Why do we need PKCE in OAuth? How does PKCE work? What’s the difference between the front channel and back channel? Can SPAs even use a back channel?
These are just a few of the things we talked about during this sketch notes livestream! Developer advocates Lee Brandt and Aaron Parecki discussed PKCE, cross-site scripting, OAuth vs OpenID Connect and more, all while David Neal sketched notes live!
Some of the other topics covered include the differences and tradeoffs between embedded and redirect-based login flows, how passwordless login works in relation to OAuth, and how sending data in the front channel is like using a package delivery service.
Check out the completed sketch notes below!