Pkce.IsPkceTokenDowngradeDetected

Is PKCE downgrade detected (token request)

Attackers can downgrade PKCE protection without the server noticing. The authorization request used PKCE, but an attacker can downgrade this modifying the token request.

View source code on GitHub

Documents

This test is part of the following document(s):

Back to the test case overview or the threat overview