Articles tagged pkce

OAuth Sketch Notes - Live Q&A

Why do we need PKCE in OAuth? How does PKCE work? What’s the difference between the front channel and back channel? Can SPAs even use a back channel? These are just a few of the things we talked about during this sketch notes livestream! Developer advocates Lee Brandt and Aaron Parecki discuss PKCE, cross-site scripting, OAuth vs OpenID Connect and more, all while David Neal sketches notes live! Some of the other topics covered include...

Create a React Native App with Login in 10 Minutes

React Native is a mobile app development framework that allows you to use React to build native iOS and Android mobile apps. Instead of using a web view and rendering HTML and JavaScript, it converts React components to native platform components. This means you can use React Native in your existing Android and iOS projects, or you can create a whole new app from scratch. In this post, I’ll show you how to add a...

Implement the OAuth 2.0 Authorization Code with PKCE Flow

Imagine two levers that are inversely connected. That is, as one goes up, the other goes down. One lever is User Experience and the other is Security. It’s not a perfect analogy, but most developers can attest that as user experience goes up, security goes down. Take browser history syncing for example. I can start a session with my bank on Firefox mobile and pick up right where I left off on Firefox desktop. From...

Is the OAuth 2.0 Implicit Flow Dead?

You may have heard some buzz recently about the OAuth 2.0 Implicit flow. The OAuth Working Group has published some new guidance around the Implicit flow and JavaScript-based apps, specifically that the Implicit flow should no longer be used. In this post we’ll look at what’s changing with the Implicit flow and why.

The Best Practice Around Implicit in OAuth 2.0 is Changing

The Implicit flow in OAuth 2.0 was created nearly 10 years ago,...
