Tag
pkce
Safeguard articles tagged "pkce" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Security Guides
OAuth 2.0 Security Best Practices (2026)
OAuth 2.0 is safe when you follow the current security BCP and dangerous when you follow a decade-old tutorial. Here is what RFC 9700 requires in 2026: PKCE everywhere, exact redirect matching, and sender-constrained tokens.
Jul 7, 20266 min read
Application Security
How to implement OAuth 2.0 securely
A step-by-step guide to implementing OAuth 2.0 securely: PKCE, redirect URI validation, token storage, and the vulnerabilities to avoid.
Feb 10, 20267 min read