June '21 - Client auth vs. PKCE
A new article and a new newsletter.
Client authentication vs. PKCE
This month’s article covers a question I’ve received a few times: “Does OAuth’s Proof Key for Code Exchange (PKCE) replace client secrets?” The short answer is no, but this article digs into it a bit further than that.
Since we last spoke
There have been some new articles since my last email focusing on password UX and password hash migration.
Learn how to use AES-GCM encryption in .NET for authenticated encryption, giving you the usual confidentiality and an additional integrity check.
Learn how password shucking attacks rehashed or pre-hashed passwords by stripping your password hashes of their strong outer password hashing algorithm.
Learn how to automatically set HTML passwordrules based on your ASP.NET Identity password options, using the newpassword tag helper from ScottBrady.IdentityModel.
Learn how to integrate sign-up forms with password generators by using the autocomplete and passwordrules HTML attributes.
In other news
I am now a father! My son was born in April, and after 9 weeks, I’ve finally found some time to get my improved newsletter back on track.
If you have any article ideas, let me know. I’m always on the lookout for new topics!