AUTH-OIDC-PKCE | Credential Access

OIDC PKCE Downgrade

A public client is allowed to use the authorisation code flow without PKCE, so an authorisation code captured through a referrer or log leak can be exchanged.

§ Where this technique fits

AUTH-OIDC-PKCE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry.