Proof Key for Code Exchange by OAuth Public Clients
Document Name: | RFC 7636 |
---|---|
Document URI: | urn:ietf:rfc:7636 |
Online Version: | https://datatracker.ietf.org/doc/html/rfc7636 |
Organization: | Internet Engineering Task Force (IETF) |
Series: | Request for Comments (RFC) |
Abstract: | OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy"). |
Specified Web Concepts:
OAuth Parameters: code_challenge, code_challenge_method, code_verifier
PKCE Code Challenge Methods: S256, plain