Bytesized • Breaking down the most important ideas in software development.

Advanced Single Page App Authentication

At the end of 2018, the OAuth working group released a new best current practices (BCP) document recommending that developers no longer implement the Implicit Grant Authorization Flow and instead implement the Auth Code with PKCE Authorization Flow. Unfortunately, the majority of Single Page Applications today implement the Implicit Flow. In this talk we’ll discuss the impact of the BCP, compare the Implicit and Auth Code with PKCE flows, demo both approaches in a modern SPA, and share what you need to know to decide whether to follow the BCP or continue with the Implicit Grant for your authentication and authorization purposes.
