I am implementing iOS application with authorization code flow. Authorization code flow is working fine with PKEC. But when I am using client secret for authorization code flow(Using okta web page). I am receiving error code 6.
Can I use client secret for authorization code flow(safari page).
You shouldn’t be using the auth code flow from a browser with a client secret. It’s not safe to have a client secret in an “untrusted” app - like the browser. (The definition of trusted vs. untrusted is that trusted is simply a system you have complete control over - like a server running a .NET or Spring app. Everything else is untrusted.)
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.