Understanding PKCE in OAuth 2.0: What, Why, and When to Use It

December 12, 2024

Tags: #oauth #oidc #authentication #pkce #video

In this video, I break down PKCE (Proof Key for Code Exchange), a crucial enhancement to the OAuth 2.0 Authorization Code Grant. Learn how PKCE works, why it was introduced, and when it’s essential to ensure secure communication between your app and authorization server.

Whether you’re building a mobile, desktop, or SPA (single-page application), understanding PKCE can help protect your app against common security threats like authorization code interception.

📚 Topics Covered:

Watch this video to see all the details and how it works!

Don’t forget to subscribe to my YouTube channel!

Example source code (even if it is not used in this video) is available in my GitHub repository:
dasniko/keycloak-extensions-demo - GitHub
