Scott Brady's Newsletter

June '21 - Client auth vs. PKCE


A new article and a new newsletter.

Scott Brady
Jun 4, 2021

Client authentication vs. PKCE

This month’s article covers a question I’ve received a few times: “Does OAuth’s Proof-Key for Code Exchange (PKCE) replace client secrets?” The short answer is no, but this article digs into it a bit further than that.

Learn how OAuth Proof-Key for Code Exchange (PKCE) does not replace client authentication (e.g. secrets) and why you should use both where possible.

Client Authentication vs. PKCE: Do you need both?


Since we last spoke

There have been some new articles since my last email focusing on password UX and password hash migration.

Authenticated Encryption in .NET with AES-GCM

Learn how to use AES-GCM encryption in .NET for authenticated encryption, giving you the usual confidentiality and an additional integrity check.

Beware of Password Shucking

Learn how password shucking attacks rehashed or pre-hashed passwords by stripping your password hashes of their strong outer password hashing algorithm.

Integrating ASP.NET Identity Password Policies with Password Managers

Learn how to automatically set HTML passwordrules based on your ASP.NET Identity password options, using the newpassword tag helper from ScottBrady.IdentityModel.

Perfecting the password field with the HTML passwordrules attribute

Learn how to integrate sign-up forms with password generators by using the autocomplete and passwordrules HTML attributes.


In other news

I am now a father! My son was born in April, and after 9 weeks, I’ve finally found some time to get my improved newsletter back on track.

If you have any article ideas, let me know. I’m always on the lookout for new topics!
