Pkce.IsPkceDowngradeDetected

Is PKCE downgrade detected (authorization request)

Attackers can downgrade PKCE protection without the server noticing. The server should disallow authorization code exchanges where a code_verifier is presented, if there was no code_challenge present in the authorization request.

View source code on BitBucket

Documents

This test is part of the following document(s):

Back to the test case overview or the threat overview