RFC 7636 — Proof Key for Code Exchange by OAuth Public Clients by node

OAuth 2.0 public clients are susceptible to an authorization code interception attack. This document describes Proof Key for Code Exchange (PKCE), which binds the authorization request to the token request with a one-time secret.
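
The binding described above, shown as an added Node.js example (not code from the RFC or from this page) using the S256 challenge method. `AuthServer`, `createVerifier`, `s256Challenge` and `demo` are hypothetical names, and the in-memory server and token value are constructed stand-ins.

```javascript
const crypto = require('node:crypto');
// Allowed code_verifier form: 43-128 unreserved characters (RFC 7636, section 4.1).
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// Client side: a fresh one-time secret for each authorization request.
function createVerifier() {
  return crypto.randomBytes(32).toString('base64url'); // 32 bytes -> 43 chars
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), the "S256" method.
function s256Challenge(verifier) {
  if (!VERIFIER_RE.test(verifier)) throw new Error('malformed code_verifier');
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Hypothetical in-memory authorization server (assumption, for illustration).
class AuthServer {
  constructor() { this.pending = new Map(); } // code -> stored code_challenge
  // Authorization request: remember the challenge alongside the issued code.
  authorize(codeChallenge, method) {
    if (method !== 'S256') throw new Error('only S256 accepted here');
    const code = crypto.randomBytes(16).toString('hex');
    this.pending.set(code, codeChallenge);
    return code; // returned via the redirect, the step where interception occurs
  }

  // Token request: the code alone is not enough, the verifier must match.
  token(code, codeVerifier) {
    const stored = this.pending.get(code);
    this.pending.delete(code); // single use, even when verification fails
    if (stored === undefined) return { error: 'invalid_grant' };
    if (!VERIFIER_RE.test(String(codeVerifier))) return { error: 'invalid_request' };
    const a = Buffer.from(stored);
    const b = Buffer.from(s256Challenge(codeVerifier));
    const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
    return ok ? { access_token: 'constructed-token', token_type: 'Bearer' } : { error: 'invalid_grant' };
  }
}

// Constructed scenario: the legitimate client, then a party holding only the code.
function demo() {
  const server = new AuthServer();
  const verifier = createVerifier();
  const code1 = server.authorize(s256Challenge(verifier), 'S256');
  const code2 = server.authorize(s256Challenge(verifier), 'S256');
  return {
    legit: server.token(code1, verifier),               // verifier matches
    replay: server.token(code1, verifier),              // code already used
    interceptor: server.token(code2, createVerifier()), // code without the secret
  };
}
```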