.NET developer blog

Obtain access token via authorization code grant with PKCE in angular using oidc-client-js and Microsoft Identity Platform.

Published April 13, 2020 in Angular , Azure , Azure Active Directory , OAuth2 , OpenID Connect , security - 2 Comments

Recently, I learned about why implicit flow is not secure because of exposing the access token in the browser. Authorization code grant with PKCE is more secure and should be preferred over implicit flow for protecting a public application which cannot keep the client secret secure. The good new is if you already use oidc-client-js and get tokens from azure ad via implicit flow, the changes you have to make to use authorization code flow with PKCE are minimal. In this post, I show what you need to change to use authorization code grant with PKCE.

Tags: authorization code , authorization code grant with PKCE , Microsoft Identity Platform , msal.js , oidc-client-js

Tag Archives for " msal.js "

Obtain access token via authorization code grant with PKCE in angular using oidc-client-js and Microsoft Identity Platform.