emadda | 2 months ago

PKCE protects the auth token from interception by making it so that only your code that started the flow can redeem it, by proving it has the secret code_verifier on the redeem_token() call.

The code_challenge == sha256(code_verifier). You will share the code_challenge at the start of the flow.
