About PKCE in single sign-on authorization


 Proof Key for Code Exchange (PKCE)

 

This essentially introduces a per-request secret for code flow. All the client has to implement for this is creating a random string and hashing it using SHA256.

This also solves the substitution problem, because the client can prove that it is the same client on front and back-channel, and has the following additional advantages:

  • the client implementation is very simple compared to hybrid flow
  • it also solves the problem of the absence of a static secret for public clients
  • no additional front-channel response artifacts are needed

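In essence, PKCE adds a secret that is generated for each request; all the client has to do is create a random string and hash it with SHA256.

This also solves the substitution problem, because the client can prove that it is the same client on the front channel and the back channel, and it has the following additional advantages:

Compared with hybrid flow, the client implementation is simple.

It also solves the problem of public clients lacking a static secret.

No additional response artifacts are needed on the front channel.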

client: the application itself --> app/web/software
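The per-request secret and the front/back-channel proof described above, as an added example that is not code from the original page. The parameter names (`code_verifier`, `code_challenge`, the S256 method) follow RFC 7636, and `AuthServer` is a hypothetical in-memory stand-in for a real authorization server.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client: fresh per-request secret (32 random bytes -> 43 characters)."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """Client: S256 challenge sent on the front channel with the authorization request."""
    # A valid verifier is ASCII; UTF-8 gives the same bytes and never raises here.
    return b64url(hashlib.sha256(verifier.encode("utf-8")).digest())


class AuthServer:
    """Hypothetical in-memory authorization server, just enough to show the check."""

    def __init__(self):
        self._challenges = {}  # authorization code -> stored code_challenge

    def authorize(self, challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._challenges[code] = challenge
        return code

    def redeem(self, code: str, verifier: str) -> bool:
        # Back channel: the code is single-use and removed even if the check fails.
        stored = self._challenges.pop(code, None)
        if stored is None:
            return False
        return hmac.compare_digest(stored, code_challenge(verifier))


def demo():
    server = AuthServer()
    verifier = new_code_verifier()
    code = server.authorize(code_challenge(verifier))
    other_code = server.authorize(code_challenge(verifier))
    # A party holding only the code, without the verifier, cannot redeem it.
    substituted = server.redeem(other_code, new_code_verifier())
    legitimate = server.redeem(code, verifier)
    replayed = server.redeem(code, verifier)
    return legitimate, substituted, replayed
```

Only the hash travels on the front channel; the verifier itself is first revealed on the back channel when the code is redeemed, which is why a public client needs no static secret.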

