Explain the importance of requireProofKey

Closes gh-1545
Welton Rodrigo Torres Nascimento 1 year ago
parent
commit
2004ba10e2
1 changed files with 1 additions and 1 deletions
  1. docs/modules/ROOT/pages/guides/how-to-pkce.adoc (+1 -1)

+ 1 - 1
docs/modules/ROOT/pages/guides/how-to-pkce.adoc

@@ -58,7 +58,7 @@ include::{examples-dir}/main/java/sample/pkce/ClientConfig.java[tag=client,inden
 ----
 ======
 
-NOTE: The `requireProofKey` setting is helpful in situations where you forget to include the `code_challenge` and `code_challenge_method` query parameters because you will receive an error indicating PKCE is required during the xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[Authorization Request] instead of a general client authentication error during the xref:protocol-endpoints.adoc#oauth2-token-endpoint[Token Request].
+IMPORTANT: The `requireProofKey` setting is important to prevent the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-25#name-pkce-downgrade-attack[PKCE Downgrade Attack].
 
 [[authenticate-with-client]]
 == Authenticate with the Client
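
Review bot: The new `IMPORTANT:` line names the PKCE Downgrade Attack but never says what `requireProofKey` actually does to stop it, and it deletes the only sentence that told readers what happens when `code_challenge` and `code_challenge_method` are omitted. Consider keeping one clause of the removed text, for example that with `requireProofKey` enabled an Authorization Request without those parameters is rejected with an error indicating PKCE is required, so a request with the challenge stripped cannot proceed to the Token Request. Two smaller points on the same line: "IMPORTANT: ... is important to prevent" is redundant and could read "must be enabled to prevent" or similar, and the link pins revision 25 of `draft-ietf-oauth-security-topics`, which will go stale; a versionless or final reference would age better.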