Proof Key for Code Exchange (PKCE)

PKCE augments OAuth 2.0 authorization code flow with a verifier and challenge to mitigate interception attacks.

#auth#rfc

Last updated: 2025-09-02T00:00:00.000Z

Evidence

RFC RFC 7636 Normative evidence
www.rfc-editor.org

More context

Recommended for public clients; S256 is the preferred code challenge method.