OpenID Connect Flows: From Implicit to Authorization Code with PKCE & BFF

June 4, 2024, 7:49 p.m. | Alexey

DEV Community dev.to

This article will review the principles behind various OpenID Connect (OIDC) authentication flows, from the simplest to the most modern, highlighting the vulnerabilities present in each.

We will explore each of the following OpenID Connect flows in detail:

Frontend-only implementations:

Implicit Flow

Authorization Code Flow with Proof Key for Code Exchange (PKCE)

Frontend and Backend implementations:

Authorization Code Flow with Token-Mediating Backend

Authorization Code Flow with Token-Mediating Backend and PKCE

Authorization Code Flow with PKCE and Backend for Frontend (BFF) …

article authentication authorization code connect flow frontend key oauth2 oidc openid openid connect principles proof review security vulnerabilities webdev

Visit resource

More from dev.to / DEV Community

SQL Course: One-to-one Relationships and Inner Joins. an hour ago | dev.to

bio can course image +9

Hackathon Winning 101: Insider Tips from a Seasoned Participant 2 hours ago | dev.to

advice ask beginners coding +12

Automating User Management with a Bash Script 2 hours ago | dev.to

article automated automation bash +16

Automating User Management with Bash Scripting: A Practical Guide 3 hours ago | dev.to

article automate automation bash +20

Bash Scripting: User Management, Password Generation, and Log Handling Simplified 3 hours ago | dev.to

access actions auditing bash +25

40 Days Of Kubernetes (8/40) 4 hours ago | dev.to

40daysofkubernetes container controller deployment +16

Major Identity Verification Firm AU10TIX Exposes User Data in Year-Long Security Lapse 4 hours ago | dev.to

au10tix breach compromised credentials +24

How to Implement Two-Factor Authentication (2FA) in Golang 5 hours ago | dev.to

2fa access authentication code +13

The 4 C’s Of Kubernetes Security 5 hours ago | dev.to

attackers bad bad actors can +15

Data Loss Prevention Analyst 1

@ Advanced Energy | Quezon City, 00, PH, n/a

View on infosec-jobs.com

TC-CS-DPP MS Purview-Staff

@ EY | Bengaluru, KA, IN, 560048

View on infosec-jobs.com

Consultant CSIRT Confirmé H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Consultant Azure Cloud Sécurité CSPM H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Consultant en Protection des Données (Microsoft Purview) H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Business Continuity Coordinator

@ Sumitomo Mitsui Banking Corporation | Brea, CA, US, 92821

View on infosec-jobs.com

all InfoSec News

OpenID Connect Flows: From Implicit to Authorization Code with PKCE & BFF

More from dev.to / DEV Community

Jobs in InfoSec / Cybersecurity

Data Loss Prevention Analyst 1

TC-CS-DPP MS Purview-Staff

Consultant CSIRT Confirmé H/F (Paris)

Consultant Azure Cloud Sécurité CSPM H/F (Paris)

Consultant en Protection des Données (Microsoft Purview) H/F (Paris)

Business Continuity Coordinator