PKCE Generator
Generate code_verifier and code_challenge (S256) for OAuth 2.0 / OIDC authorization code flow, plus state, nonce random values. All generated in-browser.
How to Use
- Include
code_challengeandcode_challenge_method=S256in authorization request (authorization endpoint), plusstate,nonce; - Include
code_verifierwhen exchanging for token (token endpoint); - Authorization server compares
SHA-256(code_verifier)against the previouscode_challenge.
See PKCE explanation in OAuth 2.0 Core Concepts.