Proof Key for Code Exchange (PKCE)
This essentially introduces a per-request secret for the code flow. All the client has to implement for this is creating a random string (the code verifier) and hashing it with SHA256 (the code challenge).
This also solves the substitution problem, because the client can prove that it is the same client on the front channel and the back channel, and it has the following additional advantages:
- the client implementation is very simple compared to hybrid flow
- it also solves the problem of the absence of a static secret for public clients
- no additional front-channel response artifacts are needed
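To make the mechanism concrete, here is an added example (not code from the original page) of both halves of PKCE: the client generates a random code verifier and its SHA256 code challenge, and a toy in-memory authorization server binds the challenge to the authorization code on the front channel and checks the verifier on the back channel. The `AuthorizationServer` class, `run_flow` and the constructed flow are assumptions for illustration; the verifier alphabet, length bounds and the S256 transform follow RFC 7636, and the test vector in the comment is the one from that RFC's Appendix B.

```python
import base64
import hashlib
import hmac
import os
import re
import secrets

# code_verifier must be 43..128 characters from the unreserved set (RFC 7636 section 4.1).
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: a high-entropy random string, base64url-encoded without padding.
    32 random bytes give a 43-character verifier, the RFC minimum length."""
    return base64.urlsafe_b64encode(os.urandom(n_bytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(code_verifier: str) -> str:
    """Client side: the S256 transform, BASE64URL(SHA256(ASCII(code_verifier))) without padding.
    RFC 7636 Appendix B: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
    yields challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Hypothetical in-memory authorization server that binds each challenge to the code it issues."""

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str, code_challenge_method: str = "S256") -> str:
        # Front channel: store the challenge next to a freshly issued, single-use code.
        if code_challenge_method != "S256":
            raise ValueError("only S256 is accepted; 'plain' does not hide the verifier")
        code = secrets.token_urlsafe(32)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # Back channel: pop the code first so a second presentation is always rejected.
        challenge = self._codes.pop(code, None)
        if challenge is None:
            return False
        if not _VERIFIER_RE.fullmatch(code_verifier):
            return False
        # Recompute the challenge from the presented verifier and compare in constant time.
        return hmac.compare_digest(make_code_challenge(code_verifier), challenge)


def run_flow() -> tuple[bool, bool, bool]:
    """Constructed demonstration: the legitimate redemption succeeds, a replay of the same code
    fails, and a code redeemed with a verifier that does not match its challenge fails."""
    server = AuthorizationServer()
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    legit = server.token(code, verifier)          # same client on both channels
    replay = server.token(code, verifier)         # code already consumed
    other_code = server.authorize(make_code_challenge(make_code_verifier()))
    mismatch = server.token(other_code, make_code_verifier())  # verifier does not hash to the stored challenge
    return legit, replay, mismatch


if __name__ == "__main__":
    print(run_flow())  # (True, False, False)
```

The server never receives the verifier until the back-channel token request, and only the hash travels on the front channel, which is why a party that only observed the front-channel exchange cannot redeem the code. Rejecting the `plain` method and comparing with `hmac.compare_digest` are the two server-side details most often left out.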
This essentially introduces a per-request secret; all the client has to implement is creating a random string and hashing it with SHA256.
This also solves the substitution problem, because the client can prove that it is the same client on the front channel and the back channel, and it has the following additional advantages:
- Compared with hybrid flow, the client implementation is simple.
- It also solves the problem of public clients lacking a static secret.
- No additional front-channel response artifacts are needed.
(client: that is, the application --> app/web/software)