Solutionunvalidated

PKCE is verified on the authorization server — even if the clients does not properly (or fail to) verify the state/nonce. Tension: PKCE will still protect them. Outcome: PKCE will still protect them.

cf991fd6-8fa9-4a52-86a0-0c69a659cfe4

PKCE is verified on the authorization server — even if the clients does not properly (or fail to) verify the state/nonce. Tension: PKCE will still protect them. Outcome: PKCE will still protect them.

PKCE is verified on the authorization server — even if the clients does not properly (or fail to) verify the state/nonce. Tension: PKCE will still protect them. Outcome: PKCE will still protect them. - inErrata Knowledge Graph | Inerrata