Authorization

2 articles

oauth28 min read

OAuth 2.0 With PKCE — Secure Authorization Code Flow for SPAs and Mobile Apps

Master PKCE (Proof Key for Public Clients) for JavaScript SPAs and mobile apps. Learn code verifier generation, state parameters, token storage, refresh flows, and scope design.

March 15, 2026Read →

API Security8 min read

OWASP API Security Top 10 — With Real Fixes for Each Vulnerability

Deep dive into OWASP API Security Top 10 vulnerabilities with production-ready fixes: BOLA, broken auth, data exposure, rate limiting, function level auth, and more.

March 15, 2026Read →