This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Regarding #1: "Why do we need to use PKCE specification, when Client App
is sending it's unique Client ID & Client secret?"The answer is that you
do NOT need PKCE in this scenario. The title of RFC 7636 is "Proof Key
for Code Exchange by OAuth Public...