WTF is PKCE and Why Should You Care?

by Janak Amarasena, June 21st, 2020

Too Long; Didn't Read

PKCE is a mechanism to make the use of the OAuth 2.0 Authorization Code grant more secure in certain cases. PKCE prevents an “Authorization Code Interception Attack”. The “code verifier” is a random code which meets a certain requirement. The code verifier and the code challenge are created by the client app. Each pair is used only once and cannot be intercepted by an attacker. The ‘code challenge method’ is optional and states the method used to create the code challenge.
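The verifier/challenge pair summarised above, as an added example that is not code from the article: the client creates the pair and the server checks it when the authorization code is redeemed. The verifier format and the `S256` and `plain` methods follow RFC 7636; `ToyAuthServer` is a hypothetical in-memory stand-in for a real authorization server.

```python
import base64, hashlib, hmac, re, secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved URI set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")

def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier."""
    return b64url(secrets.token_bytes(32))

def code_challenge(verifier: str, method: str = "S256") -> str:
    """Client side: derive the challenge sent with the authorization request."""
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier does not meet the RFC 7636 format")
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError("unsupported code_challenge_method")

class ToyAuthServer:
    """Hypothetical in-memory server: binds each code to one challenge."""
    def __init__(self):
        self._pending = {}

    def authorize(self, challenge: str, method: str = "plain") -> str:
        # RFC 7636 treats an omitted code_challenge_method as "plain".
        code = secrets.token_urlsafe(16)
        self._pending[code] = (challenge, method)
        return code

    def redeem(self, code: str, verifier: str) -> bool:
        # pop() makes the code single-use, whether or not the check passes.
        challenge, method = self._pending.pop(code, (None, None))
        if challenge is None:
            return False
        try:
            expected = code_challenge(verifier, method)
        except ValueError:
            return False
        return hmac.compare_digest(expected.encode(), challenge.encode())
```

A party that holds only the authorization code cannot redeem it, because the server recomputes the challenge from the verifier presented at the token endpoint.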

Janak Amarasena (@janakda), Software Engineer @ WSO2 IAM Team
