📦 Step 1: Generate Code Verifier
🔐 Step 2: Code Challenge Method
🌐 Step 3: Complete Authorization URL (optional)
ℹ️ What is PKCE?

PKCE (Proof Key for Code Exchange, RFC 7636) adds security to the OAuth 2.0 Authorization Code Flow, especially for public clients like mobile apps and SPAs.

How it works:

  1. Client generates a random code_verifier (43-128 characters from the unreserved set: letters, digits, "-", ".", "_", "~")
  2. Client creates code_challenge = BASE64URL(SHA256(code_verifier)) (base64url without "=" padding)
  3. Client sends code_challenge (with code_challenge_method=S256) in the authorization request
  4. Authorization server stores the challenge alongside the issued authorization code
  5. Client sends the original code_verifier in the token request
  6. Server verifies: BASE64URL(SHA256(code_verifier)) == stored code_challenge
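
The six steps above, carried through as an added example in Python (this is illustrative code, not the generator's own browser-side implementation). It covers both roles: the client side (verifier generation, S256 challenge, authorization URL) and the server-side check from step 6. The endpoint, client_id, redirect_uri and state values are placeholders, and the known-answer pair comes from RFC 7636 Appendix B.

```python
import base64
import hashlib
import secrets
import string
from urllib.parse import urlencode

# RFC 7636 section 4.1: a code_verifier is built only from these unreserved characters.
UNRESERVED = string.ascii_letters + string.digits + "-._~"


def generate_code_verifier(length: int = 64) -> str:
    """Step 1: a cryptographically random code_verifier of 43..128 characters."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier length must be between 43 and 128")
    return "".join(secrets.choice(UNRESERVED) for _ in range(length))


def b64url_nopad(data: bytes) -> str:
    """Base64url encoding without trailing '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge_s256(code_verifier: str) -> str:
    """Step 2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return b64url_nopad(digest)


def build_authorization_url(authorize_endpoint: str, client_id: str, redirect_uri: str,
                            code_challenge: str, state: str, scope: str = "openid") -> str:
    """Step 3: a standard authorization request with the PKCE parameters appended."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def server_verify(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 6 (authorization server side): reject malformed verifiers, then
    recompute the challenge and compare it in constant time."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in UNRESERVED for c in presented_verifier):
        return False
    return secrets.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)


if __name__ == "__main__":
    # Placeholder values; replace with the real authorization server and client registration.
    verifier = generate_code_verifier()            # keep this for the token request (step 5)
    challenge = code_challenge_s256(verifier)
    url = build_authorization_url("https://auth.example/authorize", "my-client-id",
                                  "https://app.example/callback", challenge,
                                  state=secrets.token_urlsafe(16))
    print(url)
    # What the server does later when the token request arrives with the verifier:
    print("verified:", server_verify(challenge, verifier))
```

The RFC 7636 Appendix B vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`, challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`) is a convenient check that an implementation pads and encodes correctly; a padded or standard-base64 output will not match it.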

⚠️ Important: Save the code_verifier! You'll need it when exchanging the authorization code for tokens.

🔒 Privacy Notice

All calculations are performed locally in your browser using the Web Crypto API. No data is sent to any server. Your code_verifier and code_challenge never leave your device.