Proof Key for Code Exchange (PKCE)
GPTKB entity
Statements (53)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:XMPP_Extension_Protocol
|
| gptkbp:applies_to |
public clients
|
| gptkbp:benefits |
prevents authorization code interception
|
| gptkbp:defines |
gptkb:RFC_7636
gptkb:RFC_6819 gptkb:RFC_6749 |
| gptkbp:developed_by |
gptkb:IETF
|
| gptkbp:enhances |
O Auth 2.0 security
|
| https://www.w3.org/2000/01/rdf-schema#label |
Proof Key for Code Exchange (PKCE)
|
| gptkbp:introduced |
gptkb:RFC_7636
|
| gptkbp:involves |
client application
resource owner authorization server authorization endpoint token endpoint authorization code |
| gptkbp:is |
a security mechanism
|
| gptkbp:is_adopted_by |
mobile app developers
major tech companies web app developers |
| gptkbp:is_implemented_in |
various identity providers
|
| gptkbp:is_part_of |
gptkb:XMPP_Extension_Protocol
O Auth 2.0 framework O Auth 2.0 security best practices O Auth 2.0 specification authorization code grant type |
| gptkbp:is_related_to |
O Auth 2.0 authorization code flow
O Auth 2.0 client credentials flow O Auth 2.0 implicit flow O Auth 2.0 security considerations PKCE flow authorization grant types |
| gptkbp:is_supported_by |
O Auth 2.1
O Auth 2.0 frameworks O Auth 2.0 libraries |
| gptkbp:is_used_for |
secure API access
|
| gptkbp:is_used_in |
gptkb:Cloud_Computing_Service
gptkb:mobile_application enterprise applications single-page applications third-party applications |
| gptkbp:provides |
secure authorization process
|
| gptkbp:purpose |
enhance security of authorization code flow
|
| gptkbp:requires |
client_id
redirect_uri |
| gptkbp:suitable_for |
native applications
browser-based applications confidential clients public client applications |
| gptkbp:uses |
code challenge
code verifier |
| gptkbp:bfsParent |
gptkb:RFC_8447
|
| gptkbp:bfsLayer |
5
|