Why do OAuth2 PKCE authorization codes have client_id?
If I’m understanding OAuth2 PKCE right, it is to be used in cases where a client cannot be trusted to hold onto a client secret. I also understand (reading RFC 6749) that a client id is not a secret.
This means that a PKCE authorization t… Continue reading Why do OAuth2 PKCE authorization codes have client_id?