Why do we need PKCE ? https://www.youtube.com/watch?v=_zWovo2zv6k
More Details : https://oauth.com/oauth2-servers/pkce/authorization-request/
Note : the malicious App and Legimate App both live in the same environment
https://www.authlete.com/developers/pkce/#2-pkce-authorization-request
PKCE Authorization Request
Include
- 'code_challenge' : computed by applying 'code_challenge_method' to 'code_verifier'
- and optionally with 'code_challenge_method' : can be plain or S256
- AND code_verifier which is a random string of of
[A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"and a min of 45 and max of 128 chars
PKCE Authorization Response
PKCE Token Request
Issue Access token
No comments:
Post a Comment