3. Terminology

In addition to the terms defined in OAuth 2.0 [RFC6749], this specification defines the following terms:

code verifier : A cryptographically random string that is used to correlate the authorization request to the token request.

code challenge : A challenge derived from the code verifier that is sent in the authorization request, to be verified against later.

code challenge method : The method that was used to derive the code challenge.

Base64url Encoding : Base64 encoding using the URL- and filename-safe character set defined in Section 5 of [RFC4648], with all trailing = characters omitted (as permitted by Section 3.2 of [RFC4648]) and without the inclusion of any line breaks, whitespace, or other additional characters. (See Appendix A for notes on implementing base64url encoding without padding.)
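
The following is an added example, not part of the specification text: the unpadded base64url encoding defined above, with a strict decoder that rejects padded, whitespace-bearing, or non-URL-safe input. The function names are hypothetical, and the challenge derivation assumes the S256 method (SHA-256 over the ASCII code verifier), which this section does not itself define.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Only the URL- and filename-safe alphabet; no '=', '+', '/', or whitespace.
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """Base64url (RFC 4648 Section 5) with all trailing '=' omitted."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strict decode of unpadded base64url; raises ValueError otherwise."""
    # A length of 1 mod 4 can never be produced by a base64 encoder.
    if not _B64URL_RE.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    data = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    # Python ignores stray trailing bits; re-encode to reject such aliases.
    if b64url_encode(data) != text:
        raise ValueError("non-canonical base64url")
    return data


def new_verifier() -> str:
    """Code verifier: a cryptographically random string (32 random bytes)."""
    return b64url_encode(secrets.token_bytes(32))


def derive_challenge(verifier: str) -> str:
    """Code challenge under the assumed S256 method."""
    return b64url_encode(hashlib.sha256(verifier.encode("ascii")).digest())


def challenge_matches(verifier: str, challenge: str) -> bool:
    """Server-side check at the token request, in constant time."""
    try:
        expected = derive_challenge(verifier)
    except UnicodeEncodeError:  # non-ASCII verifier can never match
        return False
    return hmac.compare_digest(expected.encode(), challenge.encode("utf-8"))


if __name__ == "__main__":
    v = new_verifier()
    c = derive_challenge(v)
    print(v, c, challenge_matches(v, c))
```
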

3.1 Abbreviations

ABNF : Augmented Backus-Naur Form

Authz : Authorization

PKCE : Proof Key for Code Exchange

MITM : Man-in-the-middle

MTI : Mandatory To Implement