Abstract
OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced pixy).
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have