Clients are permitted to use “plain” only if they cannot support “S256” for some technical reason and know via out-of-band configuration that the server supports “plain”. (RFC 7636: Proof Key for Code Exchange by OAuth Public Clients)



JSON

Return to list of all ( PKCE Code Challenge Methods | Web Concepts )