FAQ: What authentication flows are supported?
Picturepark Open ID Connect provider supports Authorization Code Flow with PKCE, an OpenId Connect flow designed to authenticate users in native or mobile applications. PKCE, pronounced “pixy” is an acronym for Proof Key for Code Exchange, which does not require users to provide a client_secret. The standard Authorization Code flow would require this. The main benefit is the reduced risk for native apps, as there are no embedded secrets in the source code and this in return limits exposure to reverse engineering.