Significant parts of the site require JavaScript. If you have it turned off and something doesn't work, that's probably why!

Updated

Allow confidential clients to omit PKCE for OAuth 2.0 compatibility.

flash

Changelog » Change #4505

This does require redirect_uri be specified in the token request when PKCE is omitted.

Comments for 2025-08-26