PKCE Generator
Generate PKCE (Proof Key for Code Exchange) values for the Authorization Code flow. Aero2 requires PKCE with the S256 method for all authorization requests.
PKCE Generator
Click Generate to create a code_verifier and code_challenge pair
What is PKCE?
PKCE protects the authorization code flow from interception attacks. Instead of relying solely on a client secret, the client generates a random code_verifier and sends a hashed code_challenge with the authorization request. When exchanging the code for tokens, the client sends the original code_verifier, which the server verifies against the stored challenge.
See Also
- Authorization Code + PKCE — Detailed flow walkthrough
- Authorization endpoint — API reference