[Application Security] A Comprehensive Comparison of OAuth and OpenID Connect (44)

// the authorization request.
String challenge = acEntity.getCodeChallenge();

if (challenge == null)
{
    // The authorization request did not contain
    // 'code_challenge'.
    return;
}

// If the authorization request contained 'code_challenge',
// the token request must contain 'code_verifier'. Extract
// the value of 'code_verifier' from the token request.
String verifier = extractFromParameters(
        "code_verifier", invalid_grant, "A050312", "A050313", "A050314");

// Compute the challenge using the verifier
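The fragment above stops at the point where the challenge is recomputed from the verifier. The following is an added example, not code from the original page or from the project it describes, showing that step as RFC 7636 defines it (`plain` and `S256`) with a constant-time comparison. The class and method names (`PkceCheck`, `isWellFormedVerifier`, `computeChallenge`, `verify`) are hypothetical, and the sample values are the test vector from RFC 7636 Appendix B.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical helper class; not part of the code shown on this page.
public class PkceCheck {
    // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
    static boolean isWellFormedVerifier(String verifier) {
        return verifier != null && verifier.matches("[A-Za-z0-9._~-]{43,128}");
    }

    // RFC 7636 section 4.6: recompute the challenge from the verifier.
    static String computeChallenge(String method, String verifier)
            throws NoSuchAlgorithmException {
        if (method == null || method.equals("plain")) {
            return verifier; // 'plain' is the default when no method was sent
        }
        if (!method.equals("S256")) {
            throw new IllegalArgumentException("unsupported code_challenge_method");
        }
        // S256: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), without padding.
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // True when the token request's verifier matches the stored challenge.
    static boolean verify(String storedChallenge, String method, String verifier)
            throws NoSuchAlgorithmException {
        if (storedChallenge == null || !isWellFormedVerifier(verifier)) {
            return false;
        }
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = computeChallenge(method, verifier)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 7636 Appendix B.
        String verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWOEjXk";
        String challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println("matching verifier:  " + verify(challenge, "S256", verifier));
        System.out.println("tampered verifier:  " + verify(challenge, "S256", verifier.replace('d', 'e')));
        System.out.println("method downgraded:  " + verify(challenge, "plain", verifier));
    }
}
```

The method passed to `verify` must be the one stored with the authorization code at authorization time, never a value taken from the token request.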
