>
= PKCE =
Proof Key for Code Exchange): For mobile or Single Page Applications (SPAs) we should use Authorization Code Grant with PKCE.
== Keycloak PKCE client Gemini generated ==
* Prompt: Could you implement a javascript client with html with no nodejs need ?
{{{#!highlight xml
OAuth2 PKCE Client
OAuth2 JS Client (No Node.js)
Checking status...
Token Info:
Not logged in.
}}}
== Azure Entra ID PKCE client - Gemini generated ==
* Prompt: Can you adapt the html to azure entra id endpoints ?
{{{#!highlight xml
Azure Entra ID PKCE Client
Azure Entra ID Auth (Plain JS)
Checking session...
Token Response:
Not authenticated.
}}}
== True OBO RFC 8693 token exchange ==
OBO(On Behalf Of flow) can be used in IdP (identity providers) like Azure or keycloak. It makes a user acquire a JWT token to act as another user, act on his behalf.