Aaron Parecki
aaronpk.com
did:plc:s2koow7r6t7tozgd4slc3dsg
tl;dr: Don't accept access tokens in your redirect URI (don't use the implicit flow)
PKCE solves this attack and is enforced by the server rather than relying on client developers to "verify the access token" as described in the post
2023-10-26T15:51:27.935Z
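An added example, not part of the original post: a sketch of how an authorization server can enforce PKCE (RFC 7636, S256) itself, so that an authorization code is useless without the matching verifier. The function names, the in-memory `store` and the sample client are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: verifier is 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_code(store, code, client_id, code_challenge, method):
    """Authorization endpoint: refuse to issue a code without an S256 challenge."""
    if not code_challenge or method != "S256":
        return False
    store[code] = {"client_id": client_id, "code_challenge": code_challenge}
    return True


def redeem_code(store, code, client_id, code_verifier):
    """Token endpoint: returns (ok, oauth_error). Codes are single use."""
    grant = store.pop(code, None)  # removed even if later checks fail
    if grant is None or grant["client_id"] != client_id:
        return False, "invalid_grant"
    if not code_verifier or not VERIFIER_RE.fullmatch(code_verifier):
        return False, "invalid_request"
    # Constant-time comparison of the recomputed and stored challenge.
    if not hmac.compare_digest(s256(code_verifier), grant["code_challenge"]):
        return False, "invalid_grant"
    return True, None


if __name__ == "__main__":
    # Constructed sample values: verifier/challenge pair from RFC 7636 Appendix B.
    verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    store = {}
    issue_code(store, "code-1", "example-client", s256(verifier), "S256")
    print(redeem_code(store, "code-1", "example-client", verifier))
    print(redeem_code(store, "code-1", "example-client", verifier))  # replay
```

The check runs at the token endpoint for every client, so it does not depend on each client developer validating what arrives at the redirect URI.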