Jump to content
Log in
Jump to content
Log in

Security

Discussion
Updated 16 June 2023

OAuth is designed to keep secrets confidential during authentication and authorization. However, there are additional best practices that you can takes to improve the security of your app.

Storing client credentials

API tokens and client secrets must be kept confidential and not submitted to public source control or exposed in user-accessible code.

Using PKCE in authorization requests

A Proof Key for Code Exchange (PKCE) is required for mobile, desktop, and single-page apps as part of the OAuth 2.0 authorization code flow. Visit the OAuth documentation for information about using PKCE in authorization requests.



Retrieved from "https://api.wikimedia.org/w/index.php?title=Security&oldid=1845"
The Wikimedia Foundation, Inc is a nonprofit charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual content, and to providing the full content of these wiki-based projects to the public free of charge.
Contact About Wikimedia

Wikimedia Projects

WikipediaWikibooksWikiversityWikinewsWiktionaryWikisourceWikiquoteWikivoyageWikimedia CommonsWikidataWikispeciesMediaWiki

Movement affiliates

Wikimedia ChaptersWikimedia Thematic OrganizationsWikimedia User Groups

OTHER

Terms of usePrivacy policyDisclaimersAccessibility statementCookie statementCode of conduct
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. See Terms of Use for details.