PKCE
protocol
Overview
Developed by: Internet Engineering Task Force
License: Open standard
Open source: ✓ Open Source
Use case: securing OAuth 2.0 authorization code flows
Knowledge graph stats
Claims: 43
Avg confidence: 95%
Avg freshness: 100%
Last updated: yesterday
Trust distribution
100% unverified
Governance
Not assessed
PKCE
concept
Proof Key for Code Exchange, OAuth 2.0 extension protecting public client authorization
defined by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| IETF RFC 7636 | ○Unverified | High | Fresh | 1 |
| RFC 7636 | ○Unverified | High | Fresh | 1 |
published year
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| 2015 | ○Unverified | High | Fresh | 1 |
extends protocol
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| OAuth 2.0 | ○Unverified | High | Fresh | 1 |
standardized by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| IETF | ○Unverified | High | Fresh | 1 |
| IETF | ○Unverified | High | Fresh | 1 |
open source
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| true | ○Unverified | High | Fresh | 1 |
primary use case
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| securing OAuth 2.0 authorization code flows | ○Unverified | High | Fresh | 1 |
| securing OAuth authorization code flow for public clients (SPAs, mobile) | ○Unverified | High | Fresh | 1 |
| Preventing authorization code interception attacks | ○Unverified | High | Fresh | 1 |
authored by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Nat Sakimura | ○Unverified | High | Fresh | 1 |
| John Bradley | ○Unverified | High | Fresh | 1 |
prevents attack
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| authorization code interception attacks | ○Unverified | High | Fresh | 1 |
uses method
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| code challenge and verifier | ○Unverified | High | Fresh | 1 |
governed by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| RFC 7636 | ○Unverified | High | Fresh | 1 |
used by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Auth0 | ○Unverified | High | Fresh | 1 |
built on
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| OAuth 2.0 | ○Unverified | High | Fresh | 1 |
supported by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| OpenID Connect | ○Unverified | High | Fresh | 1 |
| Auth0 | ○Unverified | High | Fresh | 1 |
| Okta | ○Unverified | High | Fresh | 1 |
designed for
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Public clients | ○Unverified | High | Fresh | 1 |
mitigates attack
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Authorization code interception | ○Unverified | High | Fresh | 1 |
uses cryptographic method
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| SHA256 hashing | ○Unverified | High | Fresh | 1 |
license type
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Open standard | ○Unverified | High | Fresh | 1 |
developed by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Internet Engineering Task Force | ○Unverified | High | Fresh | 1 |
alternative to
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| client secret authentication | ○Unverified | High | Fresh | 1 |
commonly used with
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Mobile applications | ○Unverified | High | Fresh | 1 |
| Single-page applications | ○Unverified | High | Fresh | 1 |
implemented by
| Value | Trust | Confidence | Freshness | Sources |
|---|---|---|---|---|
| Auth0 | ○Unverified | Moderate | Fresh | 1 |
| Okta | ○Unverified | Moderate | Fresh | 1 |