Proof-key (Section)#
Path: /profiles/profile{id, type}/settings/authorization-server/client-store/config-backed/client{id}/proof-key
Proof Key for Code Exchange (RFC 7636, PKCE) is a measure for preventing authorization code interception. That attack targets client systems that allow a malicious application to register itself as a handler for the custom URI scheme used by the legitimate app in the Authorization Code Grant flow, so that the authorization code is delivered to the malicious app instead. With PKCE the client sends a code challenge on the authorization request and the matching code verifier on the token request; an intercepted code is therefore useless without the verifier, which never leaves the legitimate client.
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| require-proof-key | boolean | optional | false | Requires this client to provide a code challenge on the authorization request and the matching code verifier on the token request when performing the Authorization Code Grant flow. |
| disallowed-proof-key-challenge-methods | multi-value, enumeration | optional | | A list of proof key challenge methods the client isn’t allowed to use (RFC 7636 defines plain and S256). Useful when one of the methods provided by the server is deemed insecure for the intended client. This setting is merged with the profile-level setting: for example, if the profile disallows plain and the client disallows S256, both methods are disallowed. |
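The following is an added example, not part of this page or of the server's own code, that works through the PKCE exchange the paragraph above describes and the checks the two parameters imply: the client derives a code challenge from a random verifier, the authorization endpoint refuses a request that lacks a challenge when `require-proof-key` is set or that uses a method in the merged disallowed list, and the token endpoint recomputes the challenge from the presented verifier. The function names, the union merge of the profile and client lists, and the treatment of an absent method as `plain` (the RFC 7636 default) are assumptions of this example, not a description of how the server is implemented; the verifier/challenge pair in the `__main__` block is the test vector from RFC 7636 Appendix B.

```python
"""Worked PKCE (RFC 7636) example: client-side verifier and challenge
generation, and the authorization-server checks implied by
require-proof-key and disallowed-proof-key-challenge-methods.
Added illustration; not the server's own code."""
import base64
import hashlib
import re
import secrets
from typing import FrozenSet, Iterable, Optional, Tuple

# RFC 7636 section 4.1: 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")
SUPPORTED_METHODS = ("plain", "S256")


def _b64url(data: bytes) -> str:
    """BASE64URL without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(num_bytes: int = 32) -> str:
    """Client: fresh high-entropy verifier; 32 random bytes encode to 43 chars."""
    if not 32 <= num_bytes <= 96:
        raise ValueError("32..96 random bytes keep the verifier within 43..128 chars")
    return _b64url(secrets.token_bytes(num_bytes))


def code_challenge(verifier: str, method: str = "S256") -> str:
    """Client: derive the code_challenge sent on the authorization request."""
    if not _VERIFIER_RE.match(verifier):
        raise ValueError("code_verifier must be 43..128 unreserved characters")
    if method == "S256":
        return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method {method!r}")


def effective_disallowed_methods(profile_disallowed: Iterable[str],
                                 client_disallowed: Iterable[str]) -> FrozenSet[str]:
    """Assumed merge semantics: profile and client lists form a union, so a
    profile that disallows plain plus a client that disallows S256 disallows both."""
    return frozenset(profile_disallowed) | frozenset(client_disallowed)


def authorization_endpoint(challenge: Optional[str], method: Optional[str],
                           require_proof_key: bool,
                           disallowed: FrozenSet[str]) -> Tuple[bool, Optional[Tuple[str, str]]]:
    """Server, authorization request: returns (accepted, binding). The binding
    (challenge, method) is stored with the issued code. A None binding means the
    code was issued without PKCE, which is only allowed when require-proof-key
    is false."""
    if challenge is None:
        return (not require_proof_key), None
    method = method or "plain"  # RFC 7636 section 4.3: an absent method means plain
    if method not in SUPPORTED_METHODS or method in disallowed:
        return False, None
    return True, (challenge, method)


def token_endpoint(binding: Optional[Tuple[str, str]], verifier: Optional[str],
                   require_proof_key: bool) -> bool:
    """Server, code exchange: recompute the challenge from the presented
    verifier and compare it with the challenge bound to the code."""
    if binding is None:
        return not require_proof_key
    if verifier is None or not _VERIFIER_RE.match(verifier):
        return False
    stored_challenge, method = binding
    expected = code_challenge(verifier, method)
    # Constant-time comparison so the check cannot leak the stored challenge.
    return secrets.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    # RFC 7636 Appendix B test vector.
    verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    challenge = code_challenge(verifier, "S256")
    print("challenge:", challenge)
    disallowed = effective_disallowed_methods(["plain"], [])
    ok, binding = authorization_endpoint(challenge, "S256", True, disallowed)
    print("authorization accepted:", ok)
    print("token exchange accepted:", token_endpoint(binding, verifier, True))
    # An interceptor holding only the code cannot redeem it without the verifier.
    print("exchange without verifier:", token_endpoint(binding, None, True))
```

Note that disallowing `plain` also rejects a client that omits `code_challenge_method`, because the RFC defaults an absent method to `plain`; clients must therefore send `code_challenge_method=S256` explicitly.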