Pkce.IsPkceDowngradeDetectedTest

Is PKCE downgrade detected

Attackers can downgrade PKCE protection without the server noticing. The server should disallow authorization code exchanges where a code_verifier is presented, if there was no code_challenge present in the authorization request.

Documents

This test is part of the following document(s):