What is PKCE?
Proof Key for Code Exchange (PKCE) is a more secure implementation of the OAuth code flow.
PKCE involves using a code_challenge and code verifier for the authentication request and code exchange to prove that the same app that initiates the authentication request exchanges the code.
- The PKCE-enhanced Authorization Code Flow introduces a secret created by the calling application that can be verified by the authorization server; this secret is called the Code Verifier. Additionally, the calling app creates a transform value of the Code Verifier called the Code Challenge and sends this value over HTTPS to retrieve an Authorization Code. This way, a malicious attacker can only intercept the Authorization Code, and they cannot exchange it for a token without the Code Verifier.
If you need more info, please take a look at our documentation on implementing the PKCE flow in the Auth Link and when Exchanging Code with Access Token.
Also, see our related articles: