Pkce.ShortVerifier

Are insecure code verifiers rejected

This test checks whether the server rejects PKCE code verifiers that are too short (less than 34 characters).

View source code on GitHub

Documents

This test is part of the following document(s):

• Proof Key for Code Exchange by OAuth Public Clients (RFC7636), section 4.1 (must)
• OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP), section 2.1.1 (must)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 5.2.2 (must)

Back to the test case overview or the threat overview