Discussion about this post

Ben

Hey, I wanted to raise a point regarding the JWT authentication flow depicted in the GIF. The flow shown, termed "Implicit Flow" [1], is no longer recommended and is, in fact, considered deprecated. The preferred approach is the Authorization Code Grant [2], enhanced with the Proof Key for Code Exchange (PKCE) extension [3].

[1] https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.2

[2] https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1

[3] https://www.rfc-editor.org/rfc/rfc7636

Anil

You are supposed to follow cryptographic tradition and name Alice (for 'A') and Bob (for 'B'), not John!
