IoT Stadium

Flow Signin With PKCE

In this section, you need to follow the following steps so you can get the authentication token before redirecting you to the authorization server.

PKCE protects against authorization code interception attacks. Without PKCE, if a malicious actor intercepts the authorization code during the OAuth process, they could exchange it for an access token. PKCE adds an extra layer of security by requiring the client to prove it originally requested the authorization code.