Auth & Users — PKCE
This lesson covers the PKCE flow and user authentication with Supabase.
Like a lock with a secret code that changes each time — PKCE ensures no one can steal your login in transit.
- PKCE: Proof Key for Code Exchange, a security mechanism for the OAuth flow that prevents authorization-code theft.
- Code verifier: A random string generated on the client, used to verify the token exchange.
- Session: A token that verifies the user is still logged in, stored in localStorage or a cookie.