Generate code_verifier & code_challenge pairs for OAuth 2.0 (RFC 7636)
βοΈ Options
π Generated Pair
code_verifier
β
code_challenge
β
code_challenge_method
S256
π Authorization URL Template
β Verify a Pair
Paste a code_verifier to compute its challenge, or verify an existing pair.
βΉοΈ How PKCE Works
PKCE (Proof Key for Code Exchange, RFC 7636) prevents authorization code interception attacks in OAuth 2.0 public clients.
1. Client generates a random code_verifier (43β128 chars, [A-Z a-z 0-9 - . _ ~]). 2. Client computes code_challenge = BASE64URL(SHA256(code_verifier)) for S256 method. 3. Client sends code_challenge + code_challenge_method in the authorization request. 4. Client sends code_verifier in the token exchange request. 5. Server verifies the verifier matches the challenge before issuing tokens.