This documentation is for WSO2 Identity Server 5.2.0. View documentation for the latest release.
Page Comparison - Mitigating Authorization Code Interception Attacks (v.15 vs v.16) - Identity Server 5.2.0 - WSO2 Documentation

...

Info

On some operating systems, such as Android, in step 5 of the flow the user is prompted, through a "Complete Action Using" activity, to select the application that handles the redirect URI before it is parsed. This may prevent a malicious application from handling it, as the user can identify and select the legitimate application. However, some operating systems (such as iOS) do not have any such scheme.

Mitigating code interception attacks using PKCE

...