What amazing content... Thanks much, Abhay
Glad you liked it!
Is it good practice to get PKCE as part of configuration injection from an app to a Login Framework which has OAuth 2.0?
Could you please create a video on other grant types as well?
Hey, we'll surely do that.
Good explanation! Liked it! I have a QQ - at 5:08, where we are sending an encrypted string with hashing type s256, so anyone can easily decrypt that request
Thanks for your question. Just to clarify: this is not an encrypted string. It's a secure random value that is subsequently subjected to a SHA256 hash. So there's no question of decryption. And attempting to crack/collide this hash is nearly impossible because of the nature of the underlying random value. In addition to all these constraints, remember that this value is a one-time use value only. It's never used subsequently, and is transmitted over HTTPS, so these risks are quite mitigated. I hope we've clarified.
Got it. Thanks again!