Recently I found an unprotected endpoint in a BFF API that exposes:
- ClientId
- Scope
- Authority
The frontend consuming this endpoint uses this response to kick off the AuthorizationCode + PKCE flow.
Is this secure?