Skip to main content

ChallengedPKCE

Properties

NameTypeDescriptionNotes
statejava.util.UUIDAn opaque value the clients adds to the initial request that Auth0 includes when redirecting the back to the client. This value must be used by the client to prevent CSRF attacks.
noncejava.util.UUIDA local key that is held as the comparator to state, thus they should be the same.
challengekotlin.StringGenerated challenge from the code_verifier.
methodinlineMethod used to generate the challenge. The PKCE spec defines two methods, S256 and plain, however, Auth0 supports only S256 since the latter is discouraged.
verifierkotlin.StringCryptographically random key that was used to generate the code_challenge passed to /authorize.
schemaEmbeddedModelSchema[optional]

method

NameValue
methodS256