https://auth0.com/blog/oauth2-implicit-grant-and-spa/
From the Gatsby + Auth0 tutorial blog:
Note: This tutorial uses the traditional implicit grant flow. The OAuth2 working group published a new general security best current practices document which recommends the authorization code grant with Proof Key for Code Exchange (PKCE) to request access tokens from SPAs. The Auth0 JS SDK will soon support this flow for SPAs and we'll update the article at that time. You can read more about these changes in this article by Auth0 Principal Architect Vittorio Bertocci.
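
The note above names the authorization code grant with PKCE as the recommended way for SPAs to request access tokens. As an added example (not code from the Auth0 article or SDK), this Node.js code plays both the client and a simulated authorization server to show the S256 verifier/challenge binding from RFC 7636; the in-memory server and all function names are hypothetical.

```javascript
// Added example: PKCE (RFC 7636, S256 method), both sides of the exchange.
// Runs under Node.js; the in-memory "server" and all names are hypothetical.
const crypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Client (SPA): a fresh high-entropy secret per authorization request.
function createVerifier() {
  return b64url(crypto.randomBytes(32)); // 43 chars from the unreserved set
}

// Client: only the SHA-256 hash travels in the front-channel redirect.
function challengeFor(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Authorization server (simulated): bind each issued code to its challenge.
const pendingCodes = new Map();

function authorize(codeChallenge, method) {
  if (method !== 'S256') throw new Error('only S256 is accepted');
  const code = b64url(crypto.randomBytes(16));
  pendingCodes.set(code, codeChallenge);
  return code; // delivered via redirect, so it may leak (history, logs, referrer)
}

// Token endpoint (simulated): redeem the code only with the matching verifier.
function redeem(code, verifier) {
  const expected = pendingCodes.get(code);
  pendingCodes.delete(code); // single use, whether or not the check passes
  if (expected === undefined || typeof verifier !== 'string') return null;
  const a = Buffer.from(challengeFor(verifier));
  const b = Buffer.from(expected);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return { access_token: b64url(crypto.randomBytes(24)), token_type: 'Bearer' };
}

// Constructed walk-through: a leaked code is useless without the verifier.
function demo() {
  const verifier = createVerifier();
  const leaked = authorize(challengeFor(verifier), 'S256');
  const thief = redeem(leaked, createVerifier()); // wrong verifier -> null
  const code = authorize(challengeFor(verifier), 'S256');
  const owner = redeem(code, verifier);           // matching verifier -> token
  const replay = redeem(code, verifier);          // code already used -> null
  return { thief, owner, replay };
}
```

In a browser the same hash would be computed with the Web Crypto API; the binding logic on the server side is unchanged.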