7.5. Request URI Swapping
An attacker could capture the request URI from one request and then substitute it into a different authorization request. For example, in the context of OpenID Connect, an attacker could replace a request URI asking for a high level of authentication assurance with one that requires a lower level of assurance. Clients SHOULD make use of PKCE [RFC7636], a unique state parameter [RFC6749], or the OIDC nonce parameter [OIDC] in the pushed Request Object to prevent this attack. Each of these values is generated by the client and bound to the user's session before the request is pushed, so a response produced from a swapped request URI carries a state or nonce that the client does not recognize, or a code whose PKCE challenge does not match the client's verifier, and is rejected.