Wikitopia
PKCE
conceptprotocol
Try in Playground →RSS
Overview
Developed byIETF
LicenseOpen standard
Open source✓ Open Source
Use caseOAuth 2.0 security enhancement for public clients
Technical
Protocols
OAuth 2.0
Also see
Alternative to
client secret authentication
Knowledge graph stats
Claims43
Avg confidence95%
Avg freshness100%
Last updatedUpdated yesterday
Trust distribution
100% unverified
Governance
Not assessed
Contribute governance data →

PKCE

concept

Proof Key for Code Exchange, OAuth 2.0 extension protecting public client authorization

Compare with...

supports protocol

ValueTrustConfidenceFreshnessSources
OAuth 2.0UnverifiedHighFresh1

defined in standard

ValueTrustConfidenceFreshnessSources
RFC 7636UnverifiedHighFresh1

integrates with

ValueTrustConfidenceFreshnessSources
OAuth 2.0 Authorization Code FlowUnverifiedHighFresh1

defined by

ValueTrustConfidenceFreshnessSources
IETF RFC 7636UnverifiedHighFresh1
RFC 7636UnverifiedHighFresh1

published year

ValueTrustConfidenceFreshnessSources
2015UnverifiedHighFresh1

extends protocol

ValueTrustConfidenceFreshnessSources
OAuth 2.0UnverifiedHighFresh1

standardized by

ValueTrustConfidenceFreshnessSources
IETFUnverifiedHighFresh1

open source

ValueTrustConfidenceFreshnessSources
trueUnverifiedHighFresh1

primary use case

ValueTrustConfidenceFreshnessSources
OAuth 2.0 security enhancement for public clientsUnverifiedHighFresh1
securing OAuth 2.0 authorization code flowsUnverifiedHighFresh1
securing OAuth authorization code flow for public clients (SPAs, mobile)UnverifiedHighFresh1
Preventing authorization code interception attacksUnverifiedHighFresh1

prevents attack type

ValueTrustConfidenceFreshnessSources
authorization code interception attackUnverifiedHighFresh1

authored by

ValueTrustConfidenceFreshnessSources
Nat SakimuraUnverifiedHighFresh1
John BradleyUnverifiedHighFresh1

prevents attack

ValueTrustConfidenceFreshnessSources
authorization code interception attacksUnverifiedHighFresh1

uses method

ValueTrustConfidenceFreshnessSources
code challenge and verifierUnverifiedHighFresh1

governed by

ValueTrustConfidenceFreshnessSources
RFC 7636UnverifiedHighFresh1

used by

ValueTrustConfidenceFreshnessSources
Auth0UnverifiedHighFresh1

built on

ValueTrustConfidenceFreshnessSources
OAuth 2.0UnverifiedHighFresh1

supported by

ValueTrustConfidenceFreshnessSources
OpenID ConnectUnverifiedHighFresh1
Auth0UnverifiedHighFresh1
OktaUnverifiedHighFresh1

developed by

ValueTrustConfidenceFreshnessSources
IETFUnverifiedHighFresh1
Internet Engineering Task ForceUnverifiedHighFresh1

requires

ValueTrustConfidenceFreshnessSources
cryptographically random code verifierUnverifiedHighFresh1

supports hash method

ValueTrustConfidenceFreshnessSources
SHA256UnverifiedHighFresh1

designed for

ValueTrustConfidenceFreshnessSources
Public clientsUnverifiedHighFresh1

mitigates attack

ValueTrustConfidenceFreshnessSources
Authorization code interceptionUnverifiedHighFresh1

uses cryptographic method

ValueTrustConfidenceFreshnessSources
SHA256 hashingUnverifiedHighFresh1

license type

ValueTrustConfidenceFreshnessSources
Open standardUnverifiedHighFresh1
IETF standards trackUnverifiedHighFresh1

recommended for client type

ValueTrustConfidenceFreshnessSources
mobile applicationsUnverifiedHighFresh1
single-page applicationsUnverifiedHighFresh1

alternative to

ValueTrustConfidenceFreshnessSources
client secret authenticationUnverifiedHighFresh1

commonly used with

ValueTrustConfidenceFreshnessSources
Mobile applicationsUnverifiedHighFresh1
Single-page applicationsUnverifiedHighFresh1

implemented by

ValueTrustConfidenceFreshnessSources
Auth0UnverifiedModerateFresh1
OktaUnverifiedModerateFresh1

supported by provider

ValueTrustConfidenceFreshnessSources
GoogleUnverifiedModerateFresh1
MicrosoftUnverifiedModerateFresh1

Alternatives & Similar Tools

client secret authentication
alternative to
Compare →

Commonly Used With

OAuth 2.0 Authorization Code Flow

Related entities

Claim count: 43Last updated: 4/9/2026Edit history