#PKCE explained - Proof Key for Code Exchange for #OAuth2 Authz Code Grant | Niko Köbler (@dasniko)

In this video, I break down PKCE (Proof Key for Code Exchange), a crucial enhancement to the #OAuth 2.0 Authorization Code Grant. Learn how PKCE works, why it was introduced, and when it’s essential to ensure secure communication between your app and authorization server. Whether you’re building a mobile, desktop, or SPA (single-page application), understanding PKCE can help protect your app against common security threats like authorization code interception.

📚 Topics Covered:
* What is PKCE?
* The mechanics of PKCE step-by-step.
* Why PKCE is important for public clients.
* Scenarios where PKCE is a must-have.

📖 Chapters:
0:00 - Intro
0:40 - Various OAuth2 Grant Types and why PKCE is needed
3:42 - How PKCE works
4:50 - PKCE Flow explained in detail
11:51 - PKCE in action (requests)
13:40 - Where to configure in Keycloak client settings
15:41 - Outro

🔗 Links:
📌 PKCE Spec, RFC 7636: https://datatracker.ietf.org/doc/html/rfc7636
👉 Keycloak & IAM Newsletter: https://www.n-k.de/newsletter/
👉 Keycloak Discourse Community Forum: https://keycloak.discourse.group/
👉 Public KEYCLOAK TRAININGS (German language) in cooperation with socreatory GmbH: https://www.socreatory.com/de/trainings/keycloak?ref=niko

Thank you for watching! Don't forget to subscribe 🔔 to my channel (if not already done) and give this video some thumbs up 👍 (aka "like"). Tell me about your experiences in the comments. I'm looking forward to it! Thank YOU!

---

I'm Niko - and I'm your Expert for Keycloak IAM & SSO and an independent freelance software consultant, developer and trainer. I'm here to help - you, your team and your company. How can I support you?

Just get in contact:
🌎 Website: https://www.n-k.de
🔗 LinkedIn: https://www.linkedin.com/in/dasniko
🚧 GitHub Profile: https://github.com/dasniko
🦣 Mastodon: https://mastodon.cloud/@dasniko
🎥 YouTube Channel: https://www.youtube.com/@dasniko?sub_confirmation=1

All things Java, All-End (Frontend, Backend, Fullstack Deployments), Authentication, Security 🔐, IAM, Keycloak, Containers, DevOps, Cloud ☁️, Serverless, On-Premise

Please understand that YouTube Comments are not a good place to get support in case of questions and errors. There are forums and groups out there which are the right place to ask!