The OAuth standard has been around for a while, but traditionally it has required a back-end server to hold a client secret, well, secret. Managing secrets can be a very hard problem to solve. Until now! By supporting Proof Key for Code Exchange, or PKCE, OAuth flows can now be accomplished entirely in the client and still be secure. In this talk we begin with the standard three-legged flow and then introduce PKCE. By the time you leave, you will understand how to implement it in your client applications and the benefits of doing so.
This version was presented at Indy.Code() 2022.