🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional77 / 124
Question 77 of 124
A development team is building a public single-page application (SPA) that runs entirely in the user's browser and must authenticate users against a corporate identity provider using OAuth 2.0. Because the SPA cannot securely store a client secret, the security architect must recommend the appropriate authorization flow to prevent authorization code interception attacks. Which approach should the architect recommend?
Reviewed for accuracy · Report an issueNext question