PKCE (Proof Key for Code Exchange)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/pkce/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/pkce/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/pkce/)Use the native HTML custom element.
An OAuth 2.0 security extension (RFC 7636) that prevents authorization code interception attacks in public clients. Before the authorization request, the client generates a random code verifier and derives a code challenge from it. The challenge is sent with the authorization request; the verifier is sent during the token exchange. Only the client that initiated the request can complete the exchange, making PKCE mandatory for SPAs and mobile apps.