Thanks. PKCE is not an alternative to code.

Ajay Thomas

Published in

OAuth 2

1 min readNov 1, 2019

Thanks. PKCE is not an alternative to code. PKCE is an addition to the code flow to prevent code replay and it is recommended by the OAuth 2.0 Security Guidelines (https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1).

Written by Torsten Lodderstedt

231 Followers

Editor for

OAuth 2

Torsten is CTO@yes.com, software architect with strong security interest, identity nerd, contributor to OAuth, OpenID, Open Banking & Electronic Signatures

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams