WTF is PKCE and Why Should You Care?

Written by janakda | Published 2020/06/21

TLDR: PKCE is a mechanism that makes the OAuth 2.0 Authorization Code grant more secure in certain cases. PKCE prevents an “Authorization Code Interception Attack”. The “code verifier” is a random code which meets a certain requirement. The code verifier and the code challenge are created by the client app. Each pair is used only once and cannot be intercepted by an attacker. The code verifier and code challenge method are optional; the “code challenge method” is used to state the method used.


Written by janakda | Software Engineer @ WSO2 IAM TEAM
Published by HackerNoon on 2020/06/21