CINXE.COM

RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients

<!DOCTYPE html> <html data-bs-theme="auto" lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title> RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients </title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://static.ietf.org/fonts/inter/import.css" rel="stylesheet"> <link href="https://static.ietf.org/fonts/noto-sans-mono/import.css" rel="stylesheet"> <link rel="stylesheet" href="https://static.ietf.org/dt/12.28.2/ietf/css/document_html_referenced.css"> <script type="module" crossorigin="" src="https://static.ietf.org/dt/12.28.2/assets/embedded-e653257c.js"></script> <link href="https://static.ietf.org/dt/12.28.2/assets/create-pinia-singleton-091c62b7.js" type="text/javascript" crossorigin="anonymous" rel="modulepreload" as="script" /> <link href="https://static.ietf.org/dt/12.28.2/assets/Scrollbar-7de50899.js" type="text/javascript" crossorigin="anonymous" rel="modulepreload" as="script" /> <script src="https://static.ietf.org/dt/12.28.2/ietf/js/document_html.js"></script> <script src="https://static.ietf.org/dt/12.28.2/ietf/js/theme.js"></script> <link rel="alternate" type="application/atom+xml" title="Document changes" href="/feed/document-changes/rfc7636/"> <meta name="description" content="Proof Key for Code Exchange by OAuth Public Clients (RFC 7636, )" > <link rel="apple-touch-icon" sizes="180x180" href="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-180.png"> <link rel="icon" sizes="32x32" href="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-32.png"> <link rel="icon" sizes="16x16" href="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-mask.svg" color="#ffffff"> <meta name="msapplication-TileColor" content="#ffffff"> <meta name="theme-color" content="#ffffff"> <meta property="og:title" content="RFC 7636: Proof Key for Code Exchange by OAuth Public Clients"> <meta property="og:url" content="https://datatracker.ietf.org/doc/html/rfc7636"> <link rel="canonical" href="https://datatracker.ietf.org/doc/html/rfc7636"> <meta property="og:site_name" content="IETF Datatracker"> <meta property="og:description" content="OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced &quot;pixy&quot;)."> <meta property="og:type" content="article"> <meta property="og:image" content="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-card.png"> <meta property="og:image:alt" content="Logo of the IETF"> <meta property="article:section" content="IETF - Internet Engineering Task Force"> <meta property="og:image:type" content="image/png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="630"> <meta name="twitter:card" content="summary_large_image"> <meta property="article:author" content="Nat Sakimura"> <meta property="article:author" content="John Bradley"> <meta property="article:author" content="Naveen Agarwal"> <style> .diff-form .select2-selection__rendered { direction: rtl; text-align: left; } </style> </head> <body> <noscript><iframe class="status" title="Site status" src="/status/latest"></iframe></noscript> <div class="vue-embed" data-component="Status"></div> <div class="btn-toolbar sidebar-toolbar position-fixed top-0 end-0 m-2 m-lg-3 d-print-none"> <div class="dropdown"> <button class="btn btn-outline-secondary btn-sm me-1 dropdown-toggle d-flex align-items-center" id="bd-theme" type="button" aria-expanded="false" data-bs-toggle="dropdown" aria-label="Toggle theme"> <i class="theme-icon-active bi bi-circle-half"></i> </button> <ul class="dropdown-menu" aria-labelledby="bd-theme"> <li> <button type="button" class="dropdown-item d-flex align-items-center" data-bs-theme-value="light" aria-pressed="false"> <i class="me-2 opacity-50 theme-icon bi bi-sun-fill"></i> Light<i class="bi bi-check2 ms-auto d-none"></i> </button> </li> <li> <button type="button" class="dropdown-item d-flex align-items-center" data-bs-theme-value="dark" aria-pressed="false"> <i class="me-2 opacity-50 theme-icon bi bi-moon-stars-fill"></i> Dark<i class="bi bi-check2 ms-auto d-none"></i> </button> </li> <li> <button type="button" class="dropdown-item d-flex align-items-center active" data-bs-theme-value="auto" aria-pressed="true"> <i class="me-2 opacity-50 theme-icon bi bi-circle-half"></i> Auto<i class="bi bi-check2 ms-auto d-none"></i> </button> </li> </ul> </div> <button class="btn btn-outline-secondary btn-sm sidebar-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#sidebar" aria-expanded="true" aria-controls="sidebar" aria-label="Toggle metadata sidebar" title="Toggle metadata sidebar"> <i class="bi bi-arrow-bar-left sidebar-shown"></i> <i class="bi bi-arrow-bar-right sidebar-collapsed"></i> </button> </div> <nav class="navbar bg-light-subtle px-1 fixed-top d-print-none d-md-none"> <a class="nav-link ps-1" href="/doc/rfc7636/"> RFC 7636 <br class="d-sm-none"> <span class="ms-sm-3 badge rounded-pill badge-ps"> Proposed Standard </span> </a> <button class="navbar-toggler p-1" type="button" data-bs-toggle="collapse" data-bs-target="#docinfo-collapse" aria-controls="docinfo-collapse" aria-expanded="false" aria-label="Show document information"> <span class="navbar-toggler-icon small"></span> </button> <div class="navbar-nav navbar-nav-scroll overscroll-none collapse pt-1" id="docinfo-collapse"> <div class="bg-light-subtle p-0"> <table class="table table-sm table-borderless small"> <tbody class="meta align-top"> <tr> <th scope="row"></th> <th scope="row">Title</th> <td class="edit"></td> <td>Proof Key for Code Exchange by OAuth Public Clients</td> </tr> </tbody> <tbody class="meta align-top "> <tr> <th scope="row">Document</th> <th scope="row">Document type</th> <td class="edit"></td> <td> <span class="text-success">RFC - Proposed Standard </span> <br>September 2015 <br> <a class="btn btn-primary btn-sm my-1" href="https://www.rfc-editor.org/errata_search.php?rfc=7636" title="Click to view errata." rel="nofollow"> View errata </a> <a class="btn btn-sm btn-warning" title="Click to report an error in the document." href="https://www.rfc-editor.org/errata.php#reportnew" target="_blank"> Report errata </a> <div> Was <a href="/doc/draft-ietf-oauth-spop/15/">draft-ietf-oauth-spop</a> (<a href="/wg/oauth/about/">oauth WG</a>) </div> </td> </tr> <tr> <td></td> <th scope="row">Select version</th> <td class="edit"></td> <td> <ul class="revision-list pagination pagination-sm text-center flex-wrap my-0"> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-00" rel="nofollow"> 00 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-01" rel="nofollow"> 01 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-02" rel="nofollow"> 02 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-03" rel="nofollow"> 03 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-04" rel="nofollow"> 04 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-05" rel="nofollow"> 05 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-06" rel="nofollow"> 06 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-07" rel="nofollow"> 07 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-08" rel="nofollow"> 08 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-09" rel="nofollow"> 09 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-10" rel="nofollow"> 10 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-11" rel="nofollow"> 11 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-12" rel="nofollow"> 12 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-13" rel="nofollow"> 13 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-14" rel="nofollow"> 14 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-15" rel="nofollow"> 15 </a> </li> <li class="page-item rfc active"> <a class="page-link" href="/doc/html/rfc7636"> RFC 7636 </a> </li> </ul> </td> </tr> <tr> <td></td> <th scope="row">Compare versions</th> <td class="edit"></td> <td> <form class="form-horizontal diff-form" action="https://author-tools.ietf.org/iddiff" method="get" target="_blank"> <select class="form-select form-select-sm mb-1 select2-field" data-max-entries="1" data-width="resolve" data-allow-clear="false" data-minimum-input-length="0" aria-label="From revision" name="url1"> <option value="rfc7636"> RFC 7636 </option> <option value="draft-ietf-oauth-spop-15" selected> draft-ietf-oauth-spop-15 </option> <option value="draft-ietf-oauth-spop-14"> draft-ietf-oauth-spop-14 </option> <option value="draft-ietf-oauth-spop-13"> draft-ietf-oauth-spop-13 </option> <option value="draft-ietf-oauth-spop-12"> draft-ietf-oauth-spop-12 </option> <option value="draft-ietf-oauth-spop-11"> draft-ietf-oauth-spop-11 </option> <option value="draft-ietf-oauth-spop-10"> draft-ietf-oauth-spop-10 </option> <option value="draft-ietf-oauth-spop-09"> draft-ietf-oauth-spop-09 </option> <option value="draft-ietf-oauth-spop-08"> draft-ietf-oauth-spop-08 </option> <option value="draft-ietf-oauth-spop-07"> draft-ietf-oauth-spop-07 </option> <option value="draft-ietf-oauth-spop-06"> draft-ietf-oauth-spop-06 </option> <option value="draft-ietf-oauth-spop-05"> draft-ietf-oauth-spop-05 </option> <option value="draft-ietf-oauth-spop-04"> draft-ietf-oauth-spop-04 </option> <option value="draft-ietf-oauth-spop-03"> draft-ietf-oauth-spop-03 </option> <option value="draft-ietf-oauth-spop-02"> draft-ietf-oauth-spop-02 </option> <option value="draft-ietf-oauth-spop-01"> draft-ietf-oauth-spop-01 </option> <option value="draft-ietf-oauth-spop-00"> draft-ietf-oauth-spop-00 </option> </select> <select class="form-select form-select-sm mb-1 select2-field" data-max-entries="1" data-width="resolve" data-allow-clear="false" data-minimum-input-length="0" aria-label="To revision" name="url2"> <option value="rfc7636" selected> RFC 7636 </option> <option value="draft-ietf-oauth-spop-15"> draft-ietf-oauth-spop-15 </option> <option value="draft-ietf-oauth-spop-14"> draft-ietf-oauth-spop-14 </option> <option value="draft-ietf-oauth-spop-13"> draft-ietf-oauth-spop-13 </option> <option value="draft-ietf-oauth-spop-12"> draft-ietf-oauth-spop-12 </option> <option value="draft-ietf-oauth-spop-11"> draft-ietf-oauth-spop-11 </option> <option value="draft-ietf-oauth-spop-10"> draft-ietf-oauth-spop-10 </option> <option value="draft-ietf-oauth-spop-09"> draft-ietf-oauth-spop-09 </option> <option value="draft-ietf-oauth-spop-08"> draft-ietf-oauth-spop-08 </option> <option value="draft-ietf-oauth-spop-07"> draft-ietf-oauth-spop-07 </option> <option value="draft-ietf-oauth-spop-06"> draft-ietf-oauth-spop-06 </option> <option value="draft-ietf-oauth-spop-05"> draft-ietf-oauth-spop-05 </option> <option value="draft-ietf-oauth-spop-04"> draft-ietf-oauth-spop-04 </option> <option value="draft-ietf-oauth-spop-03"> draft-ietf-oauth-spop-03 </option> <option value="draft-ietf-oauth-spop-02"> draft-ietf-oauth-spop-02 </option> <option value="draft-ietf-oauth-spop-01"> draft-ietf-oauth-spop-01 </option> <option value="draft-ietf-oauth-spop-00"> draft-ietf-oauth-spop-00 </option> </select> <button type="submit" class="btn btn-primary btn-sm" value="--html" name="difftype"> Side-by-side </button> <button type="submit" class="btn btn-primary btn-sm" value="--hwdiff" name="difftype"> Inline </button> </form> </td> </tr> <tr> <td></td> <th scope="row">Authors</th> <td class="edit"> </td> <td> <span ><a title="Datatracker profile of Nat Sakimura" href="/person/nat@nat.consulting" >Nat Sakimura</a> <a href="mailto:nat%40nat.consulting" aria-label="Compose email to nat@nat.consulting" title="Compose email to nat@nat.consulting"> <i class="bi bi-envelope"></i></a></span>, <span ><a title="Datatracker profile of John Bradley" href="/person/ve7jtb@ve7jtb.com" >John Bradley</a> <a href="mailto:ve7jtb%40ve7jtb.com" aria-label="Compose email to ve7jtb@ve7jtb.com" title="Compose email to ve7jtb@ve7jtb.com"> <i class="bi bi-envelope"></i></a></span>, <span ><a title="Datatracker profile of Naveen Agarwal" href="/person/naa@google.com" >Naveen Agarwal</a> <a href="mailto:naa%40google.com" aria-label="Compose email to naa@google.com" title="Compose email to naa@google.com"> <i class="bi bi-envelope"></i></a></span> <br> <a class="btn btn-primary btn-sm mt-1" href="mailto:rfc7636@ietf.org?subject=rfc7636" title="Send email to the document authors">Email authors</a> </td> </tr> <tr> <td></td> <th scope="row"> RFC stream </th> <td class="edit"> </td> <td > <img alt="IETF Logo" class="d-lm-none w-25 mt-1" src="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-white.svg" > <img alt="IETF Logo" class="d-dm-none w-25 mt-1" src="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor.svg" > </td> </tr> <tr> <td></td> <th scope="row"> Other formats </th> <td class="edit"> </td> <td> <div class="buttonlist"> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/rfc7636.txt"> <i class="bi bi-file-text"></i> txt </a> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/rfc7636.html"> <i class="bi bi-file-code"></i> html </a> <a class="btn btn-primary btn-sm" download="rfc7636.pdf" target="_blank" href="https://www.rfc-editor.org/rfc/pdfrfc/rfc7636.txt.pdf"> <i class="bi bi-file-pdf"></i> pdf </a> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/inline-errata/rfc7636.html"> <i class="bi bi-file-diff"></i> w/errata </a> <a class="btn btn-primary btn-sm" target="_blank" href="/doc/rfc7636/bibtex/"> <i class="bi bi-file-ruled"></i> bibtex </a> </div> </td> </tr> <tr> <td> </td> <th scope="row"> Additional resources </th> <td class="edit"> </td> <td> <a href="https://mailarchive.ietf.org/arch/browse/oauth/?q=rfc7636 OR %22draft-ietf-oauth-spop%22"> Mailing list discussion </a> </td> </tr> </tbody> <tr> <th scope="row"></th> <th scope="row"></th> <td class="edit"></td> <td> <a class="btn btn-sm btn-warning mb-3" target="_blank" href="https://github.com/ietf-tools/datatracker/issues/new/choose"> Report a bug <i class="bi bi-bug"></i> </a> </td> </tr> </table> </div> </div> </nav> <div class="row g-0"> <div class="col-md-9 d-flex justify-content-center lh-sm" data-bs-spy="scroll" data-bs-target="#toc-nav" data-bs-smooth-scroll="true" tabindex="0" id="content"> <div class="rfcmarkup"> <br class="noprint"> <!-- [html-validate-disable-block attr-quotes, void-style, element-permitted-content, heading-level -- FIXME: rfcmarkup/rfc2html generates HTML with issues] --> <div class="rfcmarkup"><pre>Internet Engineering Task Force (IETF) N. Sakimura, Ed. Request for Comments: 7636 Nomura Research Institute Category: Standards Track J. Bradley ISSN: 2070-1721 Ping Identity N. Agarwal Google September 2015 <span class="h1">Proof Key for Code Exchange by OAuth Public Clients</span> Abstract OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced &quot;pixy&quot;). Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in <a href="/doc/html/rfc5741#section-2">Section&nbsp;2 of RFC 5741</a>. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at <a href="http://www.rfc-editor.org/info/rfc7636">http://www.rfc-editor.org/info/rfc7636</a>. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to <a href="/doc/html/bcp78">BCP 78</a> and the IETF Trust&#x27;s Legal Provisions Relating to IETF Documents (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. <span class="grey">Sakimura, et al. Standards Track [Page 1]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> Table of Contents <a href="#section-1">1</a>. Introduction ....................................................<a href="#page-3">3</a> <a href="#section-1.1">1.1</a>. Protocol Flow ..............................................<a href="#page-5">5</a> <a href="#section-2">2</a>. Notational Conventions ..........................................<a href="#page-6">6</a> <a href="#section-3">3</a>. Terminology .....................................................<a href="#page-7">7</a> <a href="#section-3.1">3.1</a>. Abbreviations ..............................................<a href="#page-7">7</a> <a href="#section-4">4</a>. Protocol ........................................................<a href="#page-8">8</a> <a href="#section-4.1">4.1</a>. Client Creates a Code Verifier .............................<a href="#page-8">8</a> <a href="#section-4.2">4.2</a>. Client Creates the Code Challenge ..........................<a href="#page-8">8</a> 4.3. Client Sends the Code Challenge with the Authorization Request ......................................<a href="#page-9">9</a> <a href="#section-4.4">4.4</a>. Server Returns the Code ....................................<a href="#page-9">9</a> <a href="#section-4.4.1">4.4.1</a>. Error Response ......................................<a href="#page-9">9</a> 4.5. Client Sends the Authorization Code and the Code Verifier to the Token Endpoint ............................<a href="#page-10">10</a> 4.6. Server Verifies code_verifier before Returning the Tokens ....................................................<a href="#page-10">10</a> <a href="#section-5">5</a>. Compatibility ..................................................<a href="#page-11">11</a> <a href="#section-6">6</a>. IANA Considerations ............................................<a href="#page-11">11</a> <a href="#section-6.1">6.1</a>. OAuth Parameters Registry .................................<a href="#page-11">11</a> <a href="#section-6.2">6.2</a>. PKCE Code Challenge Method Registry .......................<a href="#page-11">11</a> <a href="#section-6.2.1">6.2.1</a>. Registration Template ..............................<a href="#page-12">12</a> <a href="#section-6.2.2">6.2.2</a>. Initial Registry Contents ..........................<a href="#page-13">13</a> <a href="#section-7">7</a>. Security Considerations ........................................<a href="#page-13">13</a> <a href="#section-7.1">7.1</a>. Entropy of the code_verifier ..............................<a href="#page-13">13</a> <a href="#section-7.2">7.2</a>. Protection against Eavesdroppers ..........................<a href="#page-13">13</a> <a href="#section-7.3">7.3</a>. Salting the code_challenge ................................<a href="#page-14">14</a> <a href="#section-7.4">7.4</a>. OAuth Security Considerations .............................<a href="#page-14">14</a> <a href="#section-7.5">7.5</a>. TLS Security Considerations ...............................<a href="#page-15">15</a> <a href="#section-8">8</a>. References .....................................................<a href="#page-15">15</a> <a href="#section-8.1">8.1</a>. Normative References ......................................<a href="#page-15">15</a> <a href="#section-8.2">8.2</a>. Informative References ....................................<a href="#page-16">16</a> <a href="#appendix-A">Appendix A</a>. Notes on Implementing Base64url Encoding without Padding .............................................<a href="#page-17">17</a> <a href="#appendix-B">Appendix B</a>. Example for the S256 code_challenge_method ...........<a href="#page-17">17</a> Acknowledgements ..................................................<a href="#page-19">19</a> Authors&#x27; Addresses ................................................<a href="#page-20">20</a> <span class="grey">Sakimura, et al. Standards Track [Page 2]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span> OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>] public clients are susceptible to the authorization code interception attack. In this attack, the attacker intercepts the authorization code returned from the authorization endpoint within a communication path not protected by Transport Layer Security (TLS), such as inter- application communication within the client&#x27;s operating system. Once the attacker has gained access to the authorization code, it can use it to obtain the access token. Figure 1 shows the attack graphically. In step (1), the native application running on the end device, such as a smartphone, issues an OAuth 2.0 Authorization Request via the browser/operating system. The Redirection Endpoint URI in this case typically uses a custom URI scheme. Step (1) happens through a secure API that cannot be intercepted, though it may potentially be observed in advanced attack scenarios. The request then gets forwarded to the OAuth 2.0 authorization server in step (2). Because OAuth requires the use of TLS, this communication is protected by TLS and cannot be intercepted. The authorization server returns the authorization code in step (3). In step (4), the Authorization Code is returned to the requester via the Redirection Endpoint URI that was provided in step (1). Note that it is possible for a malicious app to register itself as a handler for the custom scheme in addition to the legitimate OAuth 2.0 app. Once it does so, the malicious app is now able to intercept the authorization code in step (4). This allows the attacker to request and obtain an access token in steps (5) and (6), respectively. <span class="grey">Sakimura, et al. Standards Track [Page 3]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ | End Device (e.g., Smartphone) | | | | +-------------+ +----------+ | (6) Access Token +----------+ | |Legitimate | | Malicious|&lt;--------------------| | | |OAuth 2.0 App| | App |--------------------&gt;| | | +-------------+ +----------+ | (5) Authorization | | | | ^ ^ | Grant | | | | \ | | | | | | \ (4) | | | | | (1) | \ Authz| | | | | Authz| \ Code | | | Authz | | Request| \ | | | Server | | | \ | | | | | | \ | | | | | v \ | | | | | +----------------------------+ | | | | | | | (3) Authz Code | | | | Operating System/ |&lt;--------------------| | | | Browser |--------------------&gt;| | | | | | (2) Authz Request | | | +----------------------------+ | +----------+ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ Figure 1: Authorization Code Interception Attack A number of pre-conditions need to hold for this attack to work: 1. The attacker manages to register a malicious application on the client device and registers a custom URI scheme that is also used by another application. The operating systems must allow a custom URI scheme to be registered by multiple applications. 2. The OAuth 2.0 authorization code grant is used. 3. The attacker has access to the OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>] &quot;client_id&quot; and &quot;client_secret&quot; (if provisioned). All OAuth 2.0 native app client-instances use the same &quot;client_id&quot;. Secrets provisioned in client binary applications cannot be considered confidential. 4. Either one of the following condition is met: 4a. The attacker (via the installed application) is able to observe only the responses from the authorization endpoint. When &quot;code_challenge_method&quot; value is &quot;plain&quot;, only this attack is mitigated. <span class="grey">Sakimura, et al. Standards Track [Page 4]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> 4b. A more sophisticated attack scenario allows the attacker to observe requests (in addition to responses) to the authorization endpoint. The attacker is, however, not able to act as a man in the middle. This was caused by leaking http log information in the OS. To mitigate this, &quot;code_challenge_method&quot; value must be set either to &quot;S256&quot; or a value defined by a cryptographically secure &quot;code_challenge_method&quot; extension. While this is a long list of pre-conditions, the described attack has been observed in the wild and has to be considered in OAuth 2.0 deployments. While the OAuth 2.0 threat model (<a href="/doc/html/rfc6819#section-4.4.1">Section&nbsp;4.4.1 of [RFC6819]</a>) describes mitigation techniques, they are, unfortunately, not applicable since they rely on a per-client instance secret or a per-client instance redirect URI. To mitigate this attack, this extension utilizes a dynamically created cryptographically random key called &quot;code verifier&quot;. A unique code verifier is created for every authorization request, and its transformed value, called &quot;code challenge&quot;, is sent to the authorization server to obtain the authorization code. The authorization code obtained is then sent to the token endpoint with the &quot;code verifier&quot;, and the server compares it with the previously received request code so that it can perform the proof of possession of the &quot;code verifier&quot; by the client. This works as the mitigation since the attacker would not know this one-time key, since it is sent over TLS and cannot be intercepted. <span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Protocol Flow</span> +-------------------+ | Authz Server | +--------+ | +---------------+ | | |--(A)- Authorization Request ----&gt;| | | | | + t(code_verifier), t_m | | Authorization | | | | | | Endpoint | | | |&lt;-(B)---- Authorization Code -----| | | | | | +---------------+ | | Client | | | | | | +---------------+ | | |--(C)-- Access Token Request ----&gt;| | | | | + code_verifier | | Token | | | | | | Endpoint | | | |&lt;-(D)------ Access Token ---------| | | +--------+ | +---------------+ | +-------------------+ Figure 2: Abstract Protocol Flow <span class="grey">Sakimura, et al. Standards Track [Page 5]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> This specification adds additional parameters to the OAuth 2.0 Authorization and Access Token Requests, shown in abstract form in Figure 2. A. The client creates and records a secret named the &quot;code_verifier&quot; and derives a transformed version &quot;t(code_verifier)&quot; (referred to as the &quot;code_challenge&quot;), which is sent in the OAuth 2.0 Authorization Request along with the transformation method &quot;t_m&quot;. B. The Authorization Endpoint responds as usual but records &quot;t(code_verifier)&quot; and the transformation method. C. The client then sends the authorization code in the Access Token Request as usual but includes the &quot;code_verifier&quot; secret generated at (A). D. The authorization server transforms &quot;code_verifier&quot; and compares it to &quot;t(code_verifier)&quot; from (B). Access is denied if they are not equal. An attacker who intercepts the authorization code at (B) is unable to redeem it for an access token, as they are not in possession of the &quot;code_verifier&quot; secret. <span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Notational Conventions</span> The key words &quot;MUST&quot;, &quot;MUST NOT&quot;, &quot;REQUIRED&quot;, &quot;SHALL&quot;, &quot;SHALL NOT&quot;, &quot;SHOULD&quot;, &quot;SHOULD NOT&quot;, &quot;RECOMMENDED&quot;, &quot;NOT RECOMMENDED&quot;, &quot;MAY&quot;, and &quot;OPTIONAL&quot; in this document are to be interpreted as described in &quot;Key words for use in RFCs to Indicate Requirement Levels&quot; [<a href="/doc/html/rfc2119" title="&quot;Key words for use in RFCs to Indicate Requirement Levels&quot;">RFC2119</a>]. If these words are used without being spelled in uppercase, then they are to be interpreted with their natural language meanings. This specification uses the Augmented Backus-Naur Form (ABNF) notation of [<a href="/doc/html/rfc5234" title="&quot;Augmented BNF for Syntax Specifications: ABNF&quot;">RFC5234</a>]. STRING denotes a sequence of zero or more ASCII [<a href="/doc/html/rfc20" title="&quot;ASCII format for network interchange&quot;">RFC20</a>] characters. OCTETS denotes a sequence of zero or more octets. ASCII(STRING) denotes the octets of the ASCII [<a href="/doc/html/rfc20" title="&quot;ASCII format for network interchange&quot;">RFC20</a>] representation of STRING where STRING is a sequence of zero or more ASCII characters. BASE64URL-ENCODE(OCTETS) denotes the base64url encoding of OCTETS, per <a href="#appendix-A">Appendix A</a>, producing a STRING. <span class="grey">Sakimura, et al. Standards Track [Page 6]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> BASE64URL-DECODE(STRING) denotes the base64url decoding of STRING, per <a href="#appendix-A">Appendix A</a>, producing a sequence of octets. SHA256(OCTETS) denotes a SHA2 256-bit hash [<a href="/doc/html/rfc6234" title="&quot;US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)&quot;">RFC6234</a>] of OCTETS. <span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Terminology</span> In addition to the terms defined in OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>], this specification defines the following terms: code verifier A cryptographically random string that is used to correlate the authorization request to the token request. code challenge A challenge derived from the code verifier that is sent in the authorization request, to be verified against later. code challenge method A method that was used to derive code challenge. Base64url Encoding Base64 encoding using the URL- and filename-safe character set defined in <a href="/doc/html/rfc4648#section-5">Section&nbsp;5 of [RFC4648]</a>, with all trailing &#x27;=&#x27; characters omitted (as permitted by <a href="/doc/html/rfc4648#section-3.2">Section&nbsp;3.2 of [RFC4648]</a>) and without the inclusion of any line breaks, whitespace, or other additional characters. (See <a href="#appendix-A">Appendix A</a> for notes on implementing base64url encoding without padding.) <span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Abbreviations</span> ABNF Augmented Backus-Naur Form Authz Authorization PKCE Proof Key for Code Exchange MITM Man-in-the-middle MTI Mandatory To Implement <span class="grey">Sakimura, et al. Standards Track [Page 7]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Protocol</span> <span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Client Creates a Code Verifier</span> The client first creates a code verifier, &quot;code_verifier&quot;, for each OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>] Authorization Request, in the following manner: code_verifier = high-entropy cryptographic random STRING using the unreserved characters [A-Z] / [a-z] / [0-9] / &quot;-&quot; / &quot;.&quot; / &quot;_&quot; / &quot;~&quot; from <a href="/doc/html/rfc3986#section-2.3">Section&nbsp;2.3 of [RFC3986]</a>, with a minimum length of 43 characters and a maximum length of 128 characters. ABNF for &quot;code_verifier&quot; is as follows. code-verifier = 43*128unreserved unreserved = ALPHA / DIGIT / &quot;-&quot; / &quot;.&quot; / &quot;_&quot; / &quot;~&quot; ALPHA = %x41-5A / %x61-7A DIGIT = %x30-39 NOTE: The code verifier SHOULD have enough entropy to make it impractical to guess the value. It is RECOMMENDED that the output of a suitable random number generator be used to create a 32-octet sequence. The octet sequence is then base64url-encoded to produce a 43-octet URL safe string to use as the code verifier. <span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. Client Creates the Code Challenge</span> The client then creates a code challenge derived from the code verifier by using one of the following transformations on the code verifier: plain code_challenge = code_verifier S256 code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) If the client is capable of using &quot;S256&quot;, it MUST use &quot;S256&quot;, as &quot;S256&quot; is Mandatory To Implement (MTI) on the server. Clients are permitted to use &quot;plain&quot; only if they cannot support &quot;S256&quot; for some technical reason and know via out-of-band configuration that the server supports &quot;plain&quot;. The plain transformation is for compatibility with existing deployments and for constrained environments that can&#x27;t use the S256 transformation. <span class="grey">Sakimura, et al. Standards Track [Page 8]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> ABNF for &quot;code_challenge&quot; is as follows. code-challenge = 43*128unreserved unreserved = ALPHA / DIGIT / &quot;-&quot; / &quot;.&quot; / &quot;_&quot; / &quot;~&quot; ALPHA = %x41-5A / %x61-7A DIGIT = %x30-39 <span class="h3"><a class="selflink" id="section-4.3" href="#section-4.3">4.3</a>. Client Sends the Code Challenge with the Authorization Request</span> The client sends the code challenge as part of the OAuth 2.0 Authorization Request (<a href="/doc/html/rfc6749#section-4.1.1">Section&nbsp;4.1.1 of [RFC6749]</a>) using the following additional parameters: code_challenge REQUIRED. Code challenge. code_challenge_method OPTIONAL, defaults to &quot;plain&quot; if not present in the request. Code verifier transformation method is &quot;S256&quot; or &quot;plain&quot;. <span class="h3"><a class="selflink" id="section-4.4" href="#section-4.4">4.4</a>. Server Returns the Code</span> When the server issues the authorization code in the authorization response, it MUST associate the &quot;code_challenge&quot; and &quot;code_challenge_method&quot; values with the authorization code so it can be verified later. Typically, the &quot;code_challenge&quot; and &quot;code_challenge_method&quot; values are stored in encrypted form in the &quot;code&quot; itself but could alternatively be stored on the server associated with the code. The server MUST NOT include the &quot;code_challenge&quot; value in client requests in a form that other entities can extract. The exact method that the server uses to associate the &quot;code_challenge&quot; with the issued &quot;code&quot; is out of scope for this specification. <span class="h4"><a class="selflink" id="section-4.4.1" href="#section-4.4.1">4.4.1</a>. Error Response</span> If the server requires Proof Key for Code Exchange (PKCE) by OAuth public clients and the client does not send the &quot;code_challenge&quot; in the request, the authorization endpoint MUST return the authorization error response with the &quot;error&quot; value set to &quot;invalid_request&quot;. The &quot;error_description&quot; or the response of &quot;error_uri&quot; SHOULD explain the nature of error, e.g., code challenge required. <span class="grey">Sakimura, et al. Standards Track [Page 9]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> If the server supporting PKCE does not support the requested transformation, the authorization endpoint MUST return the authorization error response with &quot;error&quot; value set to &quot;invalid_request&quot;. The &quot;error_description&quot; or the response of &quot;error_uri&quot; SHOULD explain the nature of error, e.g., transform algorithm not supported. <span class="h3"><a class="selflink" id="section-4.5" href="#section-4.5">4.5</a>. Client Sends the Authorization Code and the Code Verifier to the</span> <span class="h3"> Token Endpoint</span> Upon receipt of the Authorization Code, the client sends the Access Token Request to the token endpoint. In addition to the parameters defined in the OAuth 2.0 Access Token Request (<a href="/doc/html/rfc6749#section-4.1.3">Section&nbsp;4.1.3 of [RFC6749]</a>), it sends the following parameter: code_verifier REQUIRED. Code verifier The &quot;code_challenge_method&quot; is bound to the Authorization Code when the Authorization Code is issued. That is the method that the token endpoint MUST use to verify the &quot;code_verifier&quot;. <span class="h3"><a class="selflink" id="section-4.6" href="#section-4.6">4.6</a>. Server Verifies code_verifier before Returning the Tokens</span> Upon receipt of the request at the token endpoint, the server verifies it by calculating the code challenge from the received &quot;code_verifier&quot; and comparing it with the previously associated &quot;code_challenge&quot;, after first transforming it according to the &quot;code_challenge_method&quot; method specified by the client. If the &quot;code_challenge_method&quot; from <a href="#section-4.3">Section 4.3</a> was &quot;S256&quot;, the received &quot;code_verifier&quot; is hashed by SHA-256, base64url-encoded, and then compared to the &quot;code_challenge&quot;, i.e.: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge If the &quot;code_challenge_method&quot; from <a href="#section-4.3">Section 4.3</a> was &quot;plain&quot;, they are compared directly, i.e.: code_verifier == code_challenge. If the values are equal, the token endpoint MUST continue processing as normal (as defined by OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>]). If the values are not equal, an error response indicating &quot;invalid_grant&quot; as described in <a href="/doc/html/rfc6749#section-5.2">Section&nbsp;5.2 of [RFC6749]</a> MUST be returned. <span class="grey">Sakimura, et al. Standards Track [Page 10]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Compatibility</span> Server implementations of this specification MAY accept OAuth2.0 clients that do not implement this extension. If the &quot;code_verifier&quot; is not received from the client in the Authorization Request, servers supporting backwards compatibility revert to the OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>] protocol without this extension. As the OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>] server responses are unchanged by this specification, client implementations of this specification do not need to know if the server has implemented this specification or not and SHOULD send the additional parameters as defined in <a href="#section-4">Section 4</a> to all servers. <span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IANA Considerations</span> IANA has made the following registrations per this document. <span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. OAuth Parameters Registry</span> This specification registers the following parameters in the IANA &quot;OAuth Parameters&quot; registry defined in OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>]. o Parameter name: code_verifier o Parameter usage location: token request o Change controller: IESG o Specification document(s): <a href="/doc/html/rfc7636">RFC 7636</a> (this document) o Parameter name: code_challenge o Parameter usage location: authorization request o Change controller: IESG o Specification document(s): <a href="/doc/html/rfc7636">RFC 7636</a> (this document) o Parameter name: code_challenge_method o Parameter usage location: authorization request o Change controller: IESG o Specification document(s): <a href="/doc/html/rfc7636">RFC 7636</a> (this document) <span class="h3"><a class="selflink" id="section-6.2" href="#section-6.2">6.2</a>. PKCE Code Challenge Method Registry</span> This specification establishes the &quot;PKCE Code Challenge Methods&quot; registry. The new registry should be a sub-registry of the &quot;OAuth Parameters&quot; registry. Additional &quot;code_challenge_method&quot; types for use with the authorization endpoint are registered using the Specification Required policy [<a href="/doc/html/rfc5226" title="">RFC5226</a>], which includes review of the request by one or more Designated Experts (DEs). The DEs will ensure that there <span class="grey">Sakimura, et al. Standards Track [Page 11]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> is at least a two-week review of the request on the oauth-ext- review@ietf.org mailing list and that any discussion on that list converges before they respond to the request. To allow for the allocation of values prior to publication, the Designated Expert(s) may approve registration once they are satisfied that an acceptable specification will be published. Registration requests and discussion on the oauth-ext-review@ietf.org mailing list should use an appropriate subject, such as &quot;Request for PKCE code_challenge_method: example&quot;). The Designated Expert(s) should consider the discussion on the mailing list, as well as the overall security properties of the challenge method when evaluating registration requests. New methods should not disclose the value of the code_verifier in the request to the Authorization endpoint. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. <span class="h4"><a class="selflink" id="section-6.2.1" href="#section-6.2.1">6.2.1</a>. Registration Template</span> Code Challenge Method Parameter Name: The name requested (e.g., &quot;example&quot;). Because a core goal of this specification is for the resulting representations to be compact, it is RECOMMENDED that the name be short -- not to exceed 8 characters without a compelling reason to do so. This name is case-sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Expert(s) states that there is a compelling reason to allow an exception in this particular case. Change Controller: For Standards Track RFCs, state &quot;IESG&quot;. For others, give the name of the responsible party. Other details (e.g., postal address, email address, and home page URI) may also be included. Specification Document(s): Reference to the document(s) that specifies the parameter, preferably including URI(s) that can be used to retrieve copies of the document(s). An indication of the relevant sections may also be included but is not required. <span class="grey">Sakimura, et al. Standards Track [Page 12]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h4"><a class="selflink" id="section-6.2.2" href="#section-6.2.2">6.2.2</a>. Initial Registry Contents</span> Per this document, IANA has registered the Code Challenge Method Parameter Names defined in <a href="#section-4.2">Section 4.2</a> in this registry. o Code Challenge Method Parameter Name: plain o Change Controller: IESG o Specification Document(s): <a href="/doc/html/rfc7636#section-4.2">Section&nbsp;4.2 of RFC 7636</a> (this document) o Code Challenge Method Parameter Name: S256 o Change Controller: IESG o Specification Document(s): <a href="/doc/html/rfc7636#section-4.2">Section&nbsp;4.2 of RFC 7636</a> (this document) <span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span> <span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. Entropy of the code_verifier</span> The security model relies on the fact that the code verifier is not learned or guessed by the attacker. It is vitally important to adhere to this principle. As such, the code verifier has to be created in such a manner that it is cryptographically random and has high entropy that it is not practical for the attacker to guess. The client SHOULD create a &quot;code_verifier&quot; with a minimum of 256 bits of entropy. This can be done by having a suitable random number generator create a 32-octet sequence. The octet sequence can then be base64url-encoded to produce a 43-octet URL safe string to use as a &quot;code_challenge&quot; that has the required entropy. <span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Protection against Eavesdroppers</span> Clients MUST NOT downgrade to &quot;plain&quot; after trying the &quot;S256&quot; method. Servers that support PKCE are required to support &quot;S256&quot;, and servers that do not support PKCE will simply ignore the unknown &quot;code_verifier&quot;. Because of this, an error when &quot;S256&quot; is presented can only mean that the server is faulty or that a MITM attacker is trying a downgrade attack. The &quot;S256&quot; method protects against eavesdroppers observing or intercepting the &quot;code_challenge&quot;, because the challenge cannot be used without the verifier. With the &quot;plain&quot; method, there is a chance that &quot;code_challenge&quot; will be observed by the attacker on the device or in the http request. Since the code challenge is the same as the code verifier in this case, the &quot;plain&quot; method does not protect against the eavesdropping of the initial request. The use of &quot;S256&quot; protects against disclosure of the &quot;code_verifier&quot; value to an attacker. <span class="grey">Sakimura, et al. Standards Track [Page 13]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> Because of this, &quot;plain&quot; SHOULD NOT be used and exists only for compatibility with deployed implementations where the request path is already protected. The &quot;plain&quot; method SHOULD NOT be used in new implementations, unless they cannot support &quot;S256&quot; for some technical reason. The &quot;S256&quot; code challenge method or other cryptographically secure code challenge method extension SHOULD be used. The &quot;plain&quot; code challenge method relies on the operating system and transport security not to disclose the request to an attacker. If the code challenge method is &quot;plain&quot; and the code challenge is to be returned inside authorization &quot;code&quot; to achieve a stateless server, it MUST be encrypted in such a manner that only the server can decrypt and extract it. <span class="h3"><a class="selflink" id="section-7.3" href="#section-7.3">7.3</a>. Salting the code_challenge</span> To reduce implementation complexity, salting is not used in the production of the code challenge, as the code verifier contains sufficient entropy to prevent brute-force attacks. Concatenating a publicly known value to a code verifier (containing 256 bits of entropy) and then hashing it with SHA256 to produce a code challenge would not increase the number of attempts necessary to brute force a valid value for code verifier. While the &quot;S256&quot; transformation is like hashing a password, there are important differences. Passwords tend to be relatively low-entropy words that can be hashed offline and the hash looked up in a dictionary. By concatenating a unique though public value to each password prior to hashing, the dictionary space that an attacker needs to search is greatly expanded. Modern graphics processors now allow attackers to calculate hashes in real time faster than they could be looked up from a disk. This eliminates the value of the salt in increasing the complexity of a brute-force attack for even low-entropy passwords. <span class="h3"><a class="selflink" id="section-7.4" href="#section-7.4">7.4</a>. OAuth Security Considerations</span> All the OAuth security analysis presented in [<a href="/doc/html/rfc6819" title="&quot;OAuth 2.0 Threat Model and Security Considerations&quot;">RFC6819</a>] applies, so readers SHOULD carefully follow it. <span class="grey">Sakimura, et al. Standards Track [Page 14]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h3"><a class="selflink" id="section-7.5" href="#section-7.5">7.5</a>. TLS Security Considerations</span> Current security considerations can be found in &quot;Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)&quot; [<a href="#ref-BCP195" title="&quot;Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)&quot;">BCP195</a>]. This supersedes the TLS version recommendations in OAuth 2.0 [<a href="/doc/html/rfc6749" title="&quot;The OAuth 2.0 Authorization Framework&quot;">RFC6749</a>]. <span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. References</span> <span class="h3"><a class="selflink" id="section-8.1" href="#section-8.1">8.1</a>. Normative References</span> [<a id="ref-BCP195">BCP195</a>] Sheffer, Y., Holz, R., and P. Saint-Andre, &quot;Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)&quot;, <a href="/doc/html/bcp195">BCP 195</a>, <a href="/doc/html/rfc7525">RFC 7525</a>, May 2015, &lt;<a href="http://www.rfc-editor.org/info/bcp195">http://www.rfc-editor.org/info/bcp195</a>&gt;. [<a id="ref-RFC20">RFC20</a>] Cerf, V., &quot;ASCII format for network interchange&quot;, STD 80, <a href="/doc/html/rfc20">RFC 20</a>, DOI 10.17487/RFC0020, October 1969, &lt;<a href="http://www.rfc-editor.org/info/rfc20">http://www.rfc-editor.org/info/rfc20</a>&gt;. [<a id="ref-RFC2119">RFC2119</a>] Bradner, S., &quot;Key words for use in RFCs to Indicate Requirement Levels&quot;, <a href="/doc/html/bcp14">BCP 14</a>, <a href="/doc/html/rfc2119">RFC 2119</a>, DOI 10.17487/RFC2119, March 1997, &lt;<a href="http://www.rfc-editor.org/info/rfc2119">http://www.rfc-editor.org/info/rfc2119</a>&gt;. [<a id="ref-RFC3986">RFC3986</a>] Berners-Lee, T., Fielding, R., and L. Masinter, &quot;Uniform Resource Identifier (URI): Generic Syntax&quot;, STD 66, <a href="/doc/html/rfc3986">RFC</a> <a href="/doc/html/rfc3986">3986</a>, DOI 10.17487/RFC3986, January 2005, &lt;<a href="http://www.rfc-editor.org/info/rfc3986">http://www.rfc-editor.org/info/rfc3986</a>&gt;. [<a id="ref-RFC4648">RFC4648</a>] Josefsson, S., &quot;The Base16, Base32, and Base64 Data Encodings&quot;, <a href="/doc/html/rfc4648">RFC 4648</a>, DOI 10.17487/RFC4648, October 2006, &lt;<a href="http://www.rfc-editor.org/info/rfc4648">http://www.rfc-editor.org/info/rfc4648</a>&gt;. [<a id="ref-RFC5226">RFC5226</a>] Narten, T. and H. Alvestrand, &quot;Guidelines for Writing an IANA Considerations Section in RFCs&quot;, <a href="/doc/html/bcp26">BCP 26</a>, <a href="/doc/html/rfc5226">RFC 5226</a>, DOI 10.17487/RFC5226, May 2008, &lt;<a href="http://www.rfc-editor.org/info/rfc5226">http://www.rfc-editor.org/info/rfc5226</a>&gt;. [<a id="ref-RFC5234">RFC5234</a>] Crocker, D., Ed. and P. Overell, &quot;Augmented BNF for Syntax Specifications: ABNF&quot;, STD 68, <a href="/doc/html/rfc5234">RFC 5234</a>, DOI 10.17487/RFC5234, January 2008, &lt;<a href="http://www.rfc-editor.org/info/rfc5234">http://www.rfc-editor.org/info/rfc5234</a>&gt;. <span class="grey">Sakimura, et al. Standards Track [Page 15]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> [<a id="ref-RFC6234">RFC6234</a>] Eastlake 3rd, D. and T. Hansen, &quot;US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)&quot;, <a href="/doc/html/rfc6234">RFC 6234</a>, DOI 10.17487/RFC6234, May 2011, &lt;<a href="http://www.rfc-editor.org/info/rfc6234">http://www.rfc-editor.org/info/rfc6234</a>&gt;. [<a id="ref-RFC6749">RFC6749</a>] Hardt, D., Ed., &quot;The OAuth 2.0 Authorization Framework&quot;, <a href="/doc/html/rfc6749">RFC 6749</a>, DOI 10.17487/RFC6749, October 2012, &lt;<a href="http://www.rfc-editor.org/info/rfc6749">http://www.rfc-editor.org/info/rfc6749</a>&gt;. <span class="h3"><a class="selflink" id="section-8.2" href="#section-8.2">8.2</a>. Informative References</span> [<a id="ref-RFC6819">RFC6819</a>] Lodderstedt, T., Ed., McGloin, M., and P. Hunt, &quot;OAuth 2.0 Threat Model and Security Considerations&quot;, <a href="/doc/html/rfc6819">RFC 6819</a>, DOI 10.17487/RFC6819, January 2013, &lt;<a href="http://www.rfc-editor.org/info/rfc6819">http://www.rfc-editor.org/info/rfc6819</a>&gt;. <span class="grey">Sakimura, et al. Standards Track [Page 16]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> <span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Notes on Implementing Base64url Encoding without Padding</span> This appendix describes how to implement a base64url-encoding function without padding, based upon the standard base64-encoding function that uses padding. To be concrete, example C# code implementing these functions is shown below. Similar code could be used in other languages. static string base64urlencode(byte [] arg) { string s = Convert.ToBase64String(arg); // Regular base64 encoder s = s.Split(&#x27;=&#x27;)[0]; // Remove any trailing &#x27;=&#x27;s s = s.Replace(&#x27;+&#x27;, &#x27;-&#x27;); // 62nd char of encoding s = s.Replace(&#x27;/&#x27;, &#x27;_&#x27;); // 63rd char of encoding return s; } An example correspondence between unencoded and encoded values follows. The octet sequence below encodes into the string below, which when decoded, reproduces the octet sequence. 3 236 255 224 193 A-z_4ME <span class="h2"><a class="selflink" id="appendix-B" href="#appendix-B">Appendix B</a>. Example for the S256 code_challenge_method</span> The client uses output of a suitable random number generator to create a 32-octet sequence. The octets representing the value in this example (using JSON array notation) are: [116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125, 216, 173, 187, 186, 22, 212, 37, 77, 105, 214, 191, 240, 91, 88, 5, 88, 83, 132, 141, 121] Encoding this octet sequence as base64url provides the value of the code_verifier: dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk The code_verifier is then hashed via the SHA256 hash function to produce: [19, 211, 30, 150, 26, 26, 216, 236, 47, 22, 177, 12, 76, 152, 46, 8, 118, 168, 120, 173, 109, 241, 68, 86, 110, 225, 137, 74, 203, 112, 249, 195] <span class="grey">Sakimura, et al. Standards Track [Page 17]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> Encoding this octet sequence as base64url provides the value of the code_challenge: E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM The authorization request includes: code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &amp;code_challenge_method=S256 The authorization server then records the code_challenge and code_challenge_method along with the code that is granted to the client. In the request to the token_endpoint, the client includes the code received in the authorization response as well as the additional parameter: code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk The authorization server retrieves the information for the code grant. Based on the recorded code_challenge_method being S256, it then hashes and base64url-encodes the value of code_verifier: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) The calculated value is then compared with the value of &quot;code_challenge&quot;: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge If the two values are equal, then the authorization server can provide the tokens as long as there are no other errors in the request. If the values are not equal, then the request must be rejected, and an error returned. <span class="grey">Sakimura, et al. Standards Track [Page 18]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> Acknowledgements The initial draft version of this specification was created by the OpenID AB/Connect Working Group of the OpenID Foundation. This specification is the work of the OAuth Working Group, which includes dozens of active and dedicated participants. In particular, the following individuals contributed ideas, feedback, and wording that shaped and formed the final specification: Anthony Nadalin, Microsoft Axel Nenker, Deutsche Telekom Breno de Medeiros, Google Brian Campbell, Ping Identity Chuck Mortimore, Salesforce Dirk Balfanz, Google Eduardo Gueiros, Jive Communications Hannes Tschonfenig, ARM James Manger, Telstra Justin Richer, MIT Kerberos Josh Mandel, Boston Children&#x27;s Hospital Lewis Adam, Motorola Solutions Madjid Nakhjiri, Samsung Michael B. Jones, Microsoft Paul Madsen, Ping Identity Phil Hunt, Oracle Prateek Mishra, Oracle Ryo Ito, mixi Scott Tomilson, Ping Identity Sergey Beryozkin Takamichi Saito Torsten Lodderstedt, Deutsche Telekom William Denniss, Google <span class="grey">Sakimura, et al. Standards Track [Page 19]</span></pre> <hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span> <span class="grey"><a href="/doc/html/rfc7636">RFC 7636</a> OAUTH PKCE September 2015</span> Authors&#x27; Addresses Nat Sakimura (editor) Nomura Research Institute 1-6-5 Marunouchi, Marunouchi Kitaguchi Bldg. Chiyoda-ku, Tokyo 100-0005 Japan Phone: +81-3-5533-2111 Email: n-sakimura@nri.co.jp URI: <a href="http://nat.sakimura.org/">http://nat.sakimura.org/</a> John Bradley Ping Identity Casilla 177, Sucursal Talagante Talagante, RM Chile Phone: +44 20 8133 3718 Email: ve7jtb@ve7jtb.com URI: <a href="http://www.thread-safe.com/">http://www.thread-safe.com/</a> Naveen Agarwal Google 1600 Amphitheatre Parkway Mountain View, CA 94043 United States Phone: +1 650-253-0000 Email: naa@google.com URI: <a href="https://google.com/">http://google.com/</a> Sakimura, et al. Standards Track [Page 20] </pre></div> </div> </div> <div class="d-print-none col-md-3 bg-light-subtle collapse show" id="sidebar"> <div class="position-fixed border-start sidebar overflow-scroll overscroll-none no-scrollbar"> <div class="d-flex flex-column vh-100 pt-2 pt-lg-3 ps-3 pl-md-2 pl-lg-3"> <div> <a class="btn btn-primary btn-sm" href="/doc/rfc7636/">Datatracker</a> <p class="fw-bold pt-2"> RFC 7636 <br> <span class="text-success">RFC - Proposed Standard </span> </p> </div> <ul class="nav nav-tabs nav-fill small me-2" role="tablist"> <li class="nav-item" role="presentation" title="Document information"> <button class="nav-link px-2" id="docinfo-tab" data-bs-toggle="tab" data-bs-target="#docinfo-tab-pane" type="button" role="tab" aria-controls="docinfo-tab-pane" aria-selected="true"> <i class="bi bi-info-circle"></i><span class="d-none d-md-block d-xl-inline ms-xl-1">Info</span> </button> </li> <li class="nav-item" role="presentation" title="Table of contents"> <button class="nav-link px-2" id="toc-tab" data-bs-toggle="tab" data-bs-target="#toc-tab-pane" type="button" role="tab" aria-controls="toc-tab-pane" aria-selected="false"> <i class="bi bi-list-ol"></i><span class="d-none d-md-block d-xl-inline ms-xl-1">Contents</span> </button> </li> <li class="nav-item" role="presentation" title="Preferences"> <button class="nav-link px-2" id="pref-tab" data-bs-toggle="tab" data-bs-target="#pref-tab-pane" type="button" role="tab" aria-controls="pref-tab-pane" aria-selected="false"> <i class="bi bi-gear"></i><span class="d-none d-md-block d-xl-inline ms-xl-1">Prefs</span> </button> </li> </ul> <div class="overflow-auto tab-content pt-2 me-2"> <div class="tab-pane" id="docinfo-tab-pane" role="tabpanel" aria-labelledby="docinfo-tab" tabindex="0"> <table class="table table-sm table-borderless"> <tbody class="meta align-top "> <tr> <th scope="row">Document</th> <th scope="row">Document type</th> <td class="edit"></td> <td> <span class="text-success">RFC - Proposed Standard </span> <br>September 2015 <br> <a class="btn btn-primary btn-sm my-1" href="https://www.rfc-editor.org/errata_search.php?rfc=7636" title="Click to view errata." rel="nofollow"> View errata </a> <a class="btn btn-sm btn-warning" title="Click to report an error in the document." href="https://www.rfc-editor.org/errata.php#reportnew" target="_blank"> Report errata </a> <div> Was <a href="/doc/draft-ietf-oauth-spop/15/">draft-ietf-oauth-spop</a> (<a href="/wg/oauth/about/">oauth WG</a>) </div> </td> </tr> <tr> <td></td> <th scope="row">Select version</th> <td class="edit"></td> <td> <ul class="revision-list pagination pagination-sm text-center flex-wrap my-0"> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-00" rel="nofollow"> 00 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-01" rel="nofollow"> 01 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-02" rel="nofollow"> 02 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-03" rel="nofollow"> 03 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-04" rel="nofollow"> 04 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-05" rel="nofollow"> 05 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-06" rel="nofollow"> 06 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-07" rel="nofollow"> 07 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-08" rel="nofollow"> 08 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-09" rel="nofollow"> 09 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-10" rel="nofollow"> 10 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-11" rel="nofollow"> 11 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-12" rel="nofollow"> 12 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-13" rel="nofollow"> 13 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-14" rel="nofollow"> 14 </a> </li> <li class="page-item"> <a class="page-link" href="/doc/html/draft-ietf-oauth-spop-15" rel="nofollow"> 15 </a> </li> <li class="page-item rfc active"> <a class="page-link" href="/doc/html/rfc7636"> RFC 7636 </a> </li> </ul> </td> </tr> <tr> <td></td> <th scope="row">Compare versions</th> <td class="edit"></td> <td> <form class="form-horizontal diff-form" action="https://author-tools.ietf.org/iddiff" method="get" target="_blank"> <select class="form-select form-select-sm mb-1 select2-field" data-max-entries="1" data-width="resolve" data-allow-clear="false" data-minimum-input-length="0" aria-label="From revision" name="url1"> <option value="rfc7636"> RFC 7636 </option> <option value="draft-ietf-oauth-spop-15" selected> draft-ietf-oauth-spop-15 </option> <option value="draft-ietf-oauth-spop-14"> draft-ietf-oauth-spop-14 </option> <option value="draft-ietf-oauth-spop-13"> draft-ietf-oauth-spop-13 </option> <option value="draft-ietf-oauth-spop-12"> draft-ietf-oauth-spop-12 </option> <option value="draft-ietf-oauth-spop-11"> draft-ietf-oauth-spop-11 </option> <option value="draft-ietf-oauth-spop-10"> draft-ietf-oauth-spop-10 </option> <option value="draft-ietf-oauth-spop-09"> draft-ietf-oauth-spop-09 </option> <option value="draft-ietf-oauth-spop-08"> draft-ietf-oauth-spop-08 </option> <option value="draft-ietf-oauth-spop-07"> draft-ietf-oauth-spop-07 </option> <option value="draft-ietf-oauth-spop-06"> draft-ietf-oauth-spop-06 </option> <option value="draft-ietf-oauth-spop-05"> draft-ietf-oauth-spop-05 </option> <option value="draft-ietf-oauth-spop-04"> draft-ietf-oauth-spop-04 </option> <option value="draft-ietf-oauth-spop-03"> draft-ietf-oauth-spop-03 </option> <option value="draft-ietf-oauth-spop-02"> draft-ietf-oauth-spop-02 </option> <option value="draft-ietf-oauth-spop-01"> draft-ietf-oauth-spop-01 </option> <option value="draft-ietf-oauth-spop-00"> draft-ietf-oauth-spop-00 </option> </select> <select class="form-select form-select-sm mb-1 select2-field" data-max-entries="1" data-width="resolve" data-allow-clear="false" data-minimum-input-length="0" aria-label="To revision" name="url2"> <option value="rfc7636" selected> RFC 7636 </option> <option value="draft-ietf-oauth-spop-15"> draft-ietf-oauth-spop-15 </option> <option value="draft-ietf-oauth-spop-14"> draft-ietf-oauth-spop-14 </option> <option value="draft-ietf-oauth-spop-13"> draft-ietf-oauth-spop-13 </option> <option value="draft-ietf-oauth-spop-12"> draft-ietf-oauth-spop-12 </option> <option value="draft-ietf-oauth-spop-11"> draft-ietf-oauth-spop-11 </option> <option value="draft-ietf-oauth-spop-10"> draft-ietf-oauth-spop-10 </option> <option value="draft-ietf-oauth-spop-09"> draft-ietf-oauth-spop-09 </option> <option value="draft-ietf-oauth-spop-08"> draft-ietf-oauth-spop-08 </option> <option value="draft-ietf-oauth-spop-07"> draft-ietf-oauth-spop-07 </option> <option value="draft-ietf-oauth-spop-06"> draft-ietf-oauth-spop-06 </option> <option value="draft-ietf-oauth-spop-05"> draft-ietf-oauth-spop-05 </option> <option value="draft-ietf-oauth-spop-04"> draft-ietf-oauth-spop-04 </option> <option value="draft-ietf-oauth-spop-03"> draft-ietf-oauth-spop-03 </option> <option value="draft-ietf-oauth-spop-02"> draft-ietf-oauth-spop-02 </option> <option value="draft-ietf-oauth-spop-01"> draft-ietf-oauth-spop-01 </option> <option value="draft-ietf-oauth-spop-00"> draft-ietf-oauth-spop-00 </option> </select> <button type="submit" class="btn btn-primary btn-sm" value="--html" name="difftype"> Side-by-side </button> <button type="submit" class="btn btn-primary btn-sm" value="--hwdiff" name="difftype"> Inline </button> </form> </td> </tr> <tr> <td></td> <th scope="row">Authors</th> <td class="edit"> </td> <td> <span ><a title="Datatracker profile of Nat Sakimura" href="/person/nat@nat.consulting" >Nat Sakimura</a> <a href="mailto:nat%40nat.consulting" aria-label="Compose email to nat@nat.consulting" title="Compose email to nat@nat.consulting"> <i class="bi bi-envelope"></i></a></span>, <span ><a title="Datatracker profile of John Bradley" href="/person/ve7jtb@ve7jtb.com" >John Bradley</a> <a href="mailto:ve7jtb%40ve7jtb.com" aria-label="Compose email to ve7jtb@ve7jtb.com" title="Compose email to ve7jtb@ve7jtb.com"> <i class="bi bi-envelope"></i></a></span>, <span ><a title="Datatracker profile of Naveen Agarwal" href="/person/naa@google.com" >Naveen Agarwal</a> <a href="mailto:naa%40google.com" aria-label="Compose email to naa@google.com" title="Compose email to naa@google.com"> <i class="bi bi-envelope"></i></a></span> <br> <a class="btn btn-primary btn-sm mt-1" href="mailto:rfc7636@ietf.org?subject=rfc7636" title="Send email to the document authors">Email authors</a> </td> </tr> <tr> <td></td> <th scope="row"> RFC stream </th> <td class="edit"> </td> <td > <img alt="IETF Logo" class="d-lm-none w-25 mt-1" src="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor-white.svg" > <img alt="IETF Logo" class="d-dm-none w-25 mt-1" src="https://static.ietf.org/dt/12.28.2/ietf/images/ietf-logo-nor.svg" > </td> </tr> <tr> <td></td> <th scope="row"> Other formats </th> <td class="edit"> </td> <td> <div class="buttonlist"> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/rfc7636.txt"> <i class="bi bi-file-text"></i> txt </a> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/rfc7636.html"> <i class="bi bi-file-code"></i> html </a> <a class="btn btn-primary btn-sm" download="rfc7636.pdf" target="_blank" href="https://www.rfc-editor.org/rfc/pdfrfc/rfc7636.txt.pdf"> <i class="bi bi-file-pdf"></i> pdf </a> <a class="btn btn-primary btn-sm" target="_blank" href="https://www.rfc-editor.org/rfc/inline-errata/rfc7636.html"> <i class="bi bi-file-diff"></i> w/errata </a> <a class="btn btn-primary btn-sm" target="_blank" href="/doc/rfc7636/bibtex/"> <i class="bi bi-file-ruled"></i> bibtex </a> </div> </td> </tr> <tr> <td> </td> <th scope="row"> Additional resources </th> <td class="edit"> </td> <td> <a href="https://mailarchive.ietf.org/arch/browse/oauth/?q=rfc7636 OR %22draft-ietf-oauth-spop%22"> Mailing list discussion </a> </td> </tr> </tbody> </table> <a class="btn btn-sm btn-warning mb-3" target="_blank" href="https://github.com/ietf-tools/datatracker/issues/new/choose"> Report a datatracker bug <i class="bi bi-bug"></i> </a> </div> <div class="tab-pane mb-5" id="toc-tab-pane" role="tabpanel" aria-labelledby="toc-tab" tabindex="0"> <nav class="nav nav-pills flex-column small" id="toc-nav"> </nav> </div> <div class="tab-pane mb-5 small" id="pref-tab-pane" role="tabpanel" aria-labelledby="pref-tab" tabindex="0"> <label class="form-label fw-bold mb-2">Show sidebar by default</label> <div class="btn-group-vertical btn-group-sm d-flex" role="group"> <input type="radio" class="btn-check" name="sidebar" id="on-radio"> <label class="btn btn-outline-primary" for="on-radio">Yes</label> <input type="radio" class="btn-check" name="sidebar" id="off-radio"> <label class="btn btn-outline-primary" for="off-radio">No</label> </div> <label class="form-label fw-bold mt-4 mb-2">Tab to show by default</label> <div class="btn-group-vertical btn-group-sm d-flex" role="group"> <input type="radio" class="btn-check" name="deftab" id="docinfo-radio"> <label class="btn btn-outline-primary" for="docinfo-radio"> <i class="bi bi-info-circle me-1"></i>Info </label> <input type="radio" class="btn-check" name="deftab" id="toc-radio"> <label class="btn btn-outline-primary" for="toc-radio"> <i class="bi bi-list-ol me-1"></i>Contents </label> </div> <label class="form-label fw-bold mt-4 mb-2">HTMLization configuration</label> <div class="btn-group-vertical btn-group-sm d-flex" role="group"> <input type="radio" class="btn-check" name="htmlconf" id="txt-radio"> <label class="btn btn-outline-primary" for="txt-radio" title="This is the traditional HTMLization method."> <i class="bi bi-badge-sd me-1"></i>HTMLize the plaintext </label> <input type="radio" class="btn-check" name="htmlconf" id="html-radio"> <label class="btn btn-outline-primary" for="html-radio" title="This is the modern HTMLization method."> <i class="bi bi-badge-hd me-1"></i>Plaintextify the HTML </label> </div> <label class="form-label fw-bold mt-4 mb-2" for="ptsize">Maximum font size</label> <input type="range" class="form-range" min="7" max="16" id="ptsize" oninput="ptdemo.value = ptsize.value"> <label class="form-label fw-bold mt-4 mb-2">Page dependencies</label> <div class="btn-group-vertical btn-group-sm d-flex" role="group"> <input type="radio" class="btn-check" name="pagedeps" id="inline-radio"> <label class="btn btn-outline-primary" for="inline-radio" title="Generate larger, standalone web pages that do not require network access to render."> <i class="bi bi-box me-1"></i>Inline </label> <input type="radio" class="btn-check" name="pagedeps" id="reference-radio"> <label class="btn btn-outline-primary" for="reference-radio" title="Generate regular web pages that require network access to render."> <i class="bi bi-link-45deg me-1"></i>Reference </label> </div> <label class="form-label fw-bold mt-4 mb-2">Citation links</label> <div class="btn-group-vertical btn-group-sm d-flex" role="group"> <input type="radio" class="btn-check" name="reflinks" id="refsection-radio"> <label class="btn btn-outline-primary" for="refsection-radio" title="Citation links go to the reference section."> <i class="bi bi-arrow-clockwise"></i> Go to reference section </label> <input type="radio" class="btn-check" name="reflinks" id="citation-radio"> <label class="btn btn-outline-primary" for="citation-radio" title="Citation links go directly to the cited document."> <i class="bi bi-link-45deg me-1"></i>Go to linked document </label> </div> </div> </div> </div> </div> </div> </div> <script type="text/javascript"> var _paq = window._paq || []; _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//analytics.ietf.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', 7]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <noscript><p><img src="//analytics.ietf.org/piwik.php?idsite=7" style="border:0;" alt="" /></p></noscript> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8e728126eff25f39',t:'MTczMjM3OTAxNC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10