Security Best Practices
Use PKCE: Ensure that you use Proof Key for Code Exchange (PKCE) to secure your authorization code flow.
Validate State and Nonce: Always validate the state and nonce to prevent CSRF and replay attacks.
Store Tokens Securely: Store tokens securely in your application, preferably in secure HTTP-only cookies.
Use Tested Libraries: Instead of using the helper functions from this code, use battle-tested libraries for handling PKCE, state, nonce, parsing JWT etc.
Last updated