← Cybersecurity Alphabet Soup

PKCE

Proof Key for Code Exchange

identityhard

PKCE, pronounced pixy, hardens the OAuth authorization code flow against interception attacks. The client creates a secret verifier, sends its hash when requesting the code, and must present the original verifier to redeem it. It was designed for mobile apps that cannot keep a client secret and is now recommended for all OAuth clients.

Sources

More in identity