7 Matching Annotations
  1. Sep 2019
    1. it's not that there are new vulnerabilities that have been identified in the implicit flow, just that PKCE offers a more secure alternative that you should use if you have the option

      Use PKCE instead of the implicit flow if you have a chance

    2. PKCE (which stands for "Proof Key for Code Exchange" and is pronounced "pixie") was originally developed to solve a problem specific to native mobile apps using OAuth 2.0

      PKCE (Proof Key for Code Exchange) is an extension to OAuth 2.0

    3. While this has worked and continues to work for a wide range of web applications, security experts had (and continue to have) concerns that it leaves open some potential attack vectors

      Implicit flow is still simple and very secure

    4. click a button that says "Sign in with GitHub." I am then sent to GitHub to sign in and, if this is my first time, grant permissions

      The Implicit flow:

      1. The application requests authorization from the user ➡
      2. The user authorizes the request ➡
      3. The authorization server issues an access token via the redirect URI ⬅
      4. The application uses the token to call the API ➡
  2. Aug 2017
    1. Most of the UI (user interface) elements we needed already existed in our toolkit of parts, with a few modifications.

      example of a good reason to use a modular component-based approach / styleguide

  3. Mar 2017
    1. One of the strengths of Aurelia is that you can write so much of your application in vanilla JS.

      By sticking close to standards, such as upcoming EcmaScript features, Aurelia code prepares for us for the future. It encourages writing code that will be relevant 2-5 years from now, or perhaps beyond.

  4. Feb 2015