{"draft":"draft-ietf-oauth-spop-15","doc_id":"RFC7636","title":"Proof Key for Code Exchange by OAuth Public Clients","authors":["N. Sakimura, Ed.","J. Bradley","N. Agarwal"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Authorization Protocol","abstract":"OAuth 2.0 public clients utilizing the Authorization Code Grant are\r\nsusceptible to the authorization code interception attack.  This\r\nspecification describes the attack as well as a technique to mitigate\r\nagainst the threat through the use of Proof Key for Code Exchange\r\n(PKCE, pronounced \"pixy\").","pub_date":"September 2015","keywords":["smart phones","apps","XARA","authorization","custom scheme","intent","man-in-the-middle","eavesdropping","user agent swap","spop","pop","openid","connect","pkce","pixie"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7636","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7636"}