WTF is PKCE and Why Should You Care?

Written by janakda | Published 2020/06/21
Tech Story Tags: oauth2 | pkce | proof-of-possession | security | oauth | authorization | authz-code | latest-tech-stories

TLDR PKCE is a mechanism to make the use of OAuth 2.0 Authorization Code grant more secure in certain cases. PKCE prevents an “Authorization Code Interception Attack” The “code verifier” is a random code which meets a certain requirement. The code verifier and the code challenge is created by the client app. Each pair is used only once and cannot be intercepted by an attacker. The Code Verifier and Code Challenge method are optional and the ‘code challenge method’ is optional and it’s used to state the method used.via the TL;DR App
no story
Written by janakda | Software Engineer @ WSO2 IAM TEAM
Published by HackerNoon on 2020/06/21
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy