spring-guides / tut-spring-security-and-angular-js

Spring Security and Angular: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.

Home Page: https://spring.io/guides/tutorials/spring-security-and-angular-js/

How to enable PKCE (Proof Key for Code Exchange) when OAuth 2.0 authorization code grant is used

mingqin1 opened this issue

Hi Dave:
OAuth 2.0 public clients using the authorization code grant are susceptible to the authorization code interception attack. The PKCE specification (https://tools.ietf.org/html/rfc7636) has been introduced as a way to defend against this attack by establishing a secure binding between the authorization request and the subsequent token request.
Has Spring-Security-OAuth already implemented PKCE?
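
The binding between the authorization request and the token request that the issue refers to, as an added example (not part of the original issue and not Spring Security OAuth code). It shows the RFC 7636 `S256` method on both sides in Node.js; `authorize`, `redeem` and the in-memory `issuedCodes` store are hypothetical names standing in for an authorization server.

```javascript
const crypto = require('crypto');

// Base64url without padding, as RFC 7636 requires.
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Client: 32 random octets give a 43-character code_verifier.
function newCodeVerifier() {
  return base64url(crypto.randomBytes(32));
}

// Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function s256Challenge(verifier) {
  return base64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Hypothetical server state: authorization code -> challenge bound to it.
const issuedCodes = new Map();

// Authorization endpoint: remember the challenge sent with the request.
function authorize(challenge, method) {
  const code = base64url(crypto.randomBytes(16));
  issuedCodes.set(code, { challenge, method });
  return code;
}

// Token endpoint check: recompute the challenge from the presented verifier.
function verifyPkce(stored, codeVerifier) {
  // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
  if (typeof codeVerifier !== 'string' || !/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) {
    return false;
  }
  if (stored.method !== 'S256') return false; // this sketch does not accept "plain"
  const expected = Buffer.from(stored.challenge, 'ascii');
  const actual = Buffer.from(s256Challenge(codeVerifier), 'ascii');
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Token endpoint: a code is single use and only redeemable with its verifier.
function redeem(code, codeVerifier) {
  const stored = issuedCodes.get(code);
  if (!stored) return false;
  issuedCodes.delete(code);
  return verifyPkce(stored, codeVerifier);
}
```

A party that obtains only the authorization code cannot redeem it, because the `code_verifier` never leaves the client until the token request.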