
It's unclear to me how PKCE will fundamentally protect against CSRF attacks. If I'm logged in as an authorized user, and click a malicious link to "change the state" of my application, how will PKCE block that from happening? The access/refresh tokens are already granted, where does validation of the code_verifier/code_challenge come into play to block this?

Tags: oauth 2.0, How does PKCE protect against CSRF attacks, Stack Overflow