Explain the importance of requireProofKey
Closes gh-1545
weltonrodrigo authored and jgrandja committed Feb 27, 2024
1 parent d7dbdfa commit 2004ba1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/guides/how-to-pkce.adoc
Expand Up @@ -58,7 +58,7 @@ include::{examples-dir}/main/java/sample/pkce/ClientConfig.java[tag=client,inden
----
======

NOTE: The `requireProofKey` setting is helpful in situations where you forget to include the `code_challenge` and `code_challenge_method` query parameters because you will receive an error indicating PKCE is required during the xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[Authorization Request] instead of a general client authentication error during the xref:protocol-endpoints.adoc#oauth2-token-endpoint[Token Request].
IMPORTANT: The `requireProofKey` setting is important to prevent the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-25#name-pkce-downgrade-attack[PKCE Downgrade Attack].

[[authenticate-with-client]]
== Authenticate with the Client
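
Review bot: the added `IMPORTANT:` line states that `requireProofKey` prevents the PKCE Downgrade Attack but does not say how, and with 1 addition and 1 deletion it replaces the `NOTE:` that was the only text explaining the behaviour: a request missing `code_challenge` and `code_challenge_method` fails with a PKCE-required error at the Authorization Request instead of a general client authentication error at the Token Request. Consider keeping the `NOTE:` and adding the `IMPORTANT:` admonition after it, separated by a blank line, or carrying that one sentence of mechanism into the new text so readers see both the troubleshooting benefit and the security reason. The link is also pinned to `draft-ietf-oauth-security-topics-25`, so it will point at a superseded revision once a newer draft is published; a link that follows the latest revision would age better.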