@misc{rfc7636,
    series =    {Request for Comments},
    number =    7636,
    howpublished =  {RFC 7636},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC7636},
    url =       {https://www.rfc-editor.org/info/rfc7636},
    author =    {Nat Sakimura and John Bradley and Naveen Agarwal},
    title =     {{Proof Key for Code Exchange by OAuth Public Clients}},
    pagetotal = 20,
    year =      2015,
    month =     sep,
    abstract =  {OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").},
}