OAuth 2.0 + PKCE Explained — What's Actually Happening Behind Google Identity and Firebase Auth

If you've integrated Google Sign-In, Firebase Authentication, or Google Identity Platform into your app — you've been using OAuth 2.0 + PKCE without necessarily knowing it. Google's own auth infrastructure is built on this spec, so understanding it makes configuring OAuth consent screens, scopes, and redirect URIs in GCP a lot less mysterious.

The video covers:

- The full Authorization Code Flow — exactly what happens when a user clicks "Sign in with Google"
- Why PKCE is required for web and mobile apps (public clients)
- How code_verifier and code_challenge (SHA-256) protect against auth code interception
- How Bearer tokens / ID tokens are issued and what your Cloud Run or GCP backend validates
- Confidential vs public clients — relevant when setting up OAuth 2.0 credentials in GCP Console

Good foundation before working with Google Identity Platform, Firebase Auth, or any GCP service that uses OAuth-based…