Good question. PKCE is an extension and…

I replied to the following: ↷

Is `state` still useful when PKCE is forced? · Issue #120 · indieweb/indieauth

↑ by someone • archived copy • current

Good question. PKCE is an extension and not part of OAuth main (from what I understand) so I imagine that state and the PKCE logic allows for some more validation that a server and client can allow for verification, like being able to choose what kind of hashing algorithm in advance (my implementation opts for S512).

Posted with Quill at 2023-03-22T20:02:18Z in Everything

Shared to GitHub

Engagement is powered by Webmentions — a premier standard of the Web to let other sites know you've mentioned them. Learn how to reply from your own site. or from a supported silo Aaron has an interactive post about this. If you've mentioned this URL via another one, use the form below to submit it.

If you don't currently own your replies, then you can click below to do so.

I currently aim to own my comments and plan to eventually show those I've received once I finish Lighthouse.