Closed aeden closed 7 months ago
An example of documented use cases may be found in Stripe's developer documentation: https://stripe.com/docs#start-with-your-use-case
@DXTimer published one use-case during Q4 2020 and is going to continue working on this enhancement during Q1 2021.
This is only very loosely related, but there are some use cases that can't currently be implemented securely because the OAuth implementation doesn't support PKCE. This was designed for public clients that can't protect a static client secret like Jamstack websites and mobile apps.
There's a draft IETF BCP for OAuth 2.0 Security which currently requires authorisation servers to implement PKCE so I hope the API could support this. There are security benefits for all clients that implement PKCE, not just public clients, when the auth server offers it.
More work was done at https://github.com/dnsimple/dnsimple-api-examples
The current view we provide in the developer documentation is a good reference, however I would like to add an additional section that describes the various ways customers may use the API.