jkm0t (jkm0t) asked a question.
I am rebuilding a restful api in asp.net core c* for our new native mobile apps (these are building built by an external company ).
They wanted to use the implicit flow like our previous api+app however I have seen a lot to suggest this is not best practice and that in this instance we should be using the PKCE Authorisation flow.
I am new to api authentication/authorisation and need a solid guide on what I need to implement in the API and then what the app developer needs to add their end. Because the app devs do not seem to use PKCE I just need to be able to make sure I am instructing them correctly.
I have gone through lots of guides but still not quite 100%.
Please ask if you need more information from me.
Many Thanks
Thank you for posting the question!
Please open a case with our Support Team to further discuss the scenario and the end-goal you are trying to achieve.
Thanks!
Andreea