https://christianlydemann.com/implicit-flow-vs-code-flow-with-pkce/ Advanced Angular Training Made Simple Fri, 16 Sep 2022 16:24:00 +0000 hourly 1 https://wordpress.org/?v=6.7.4 https://christianlydemann.com/implicit-flow-vs-code-flow-with-pkce/#comment-167443 Fri, 16 Sep 2022 16:24:00 +0000 https://christianlydemann.com/?p=3732#comment-167443 A man-in-the-middle cannot just see traffic, he can also manipulate traffic and thus also change the code_challenge and code_challende_method as he desires. Also if you can see the authorization token, you can see any requested access token fetched with it later on. I fail to see how this is supposed to protect against a real MitM attack.

]]> https://christianlydemann.com/implicit-flow-vs-code-flow-with-pkce/#comment-23019 Wed, 27 Nov 2019 11:04:00 +0000 https://christianlydemann.com/?p=3732#comment-23019 Nice explanation. I will try with React. Thanks a lot.

]]>