ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

OAUTH-PKCE

Secure OAuth Authorization Code for public clients.

Definition

PKCE generates code_verifier (random 43-128 chars) and code_challenge = SHA256(verifier) base64url. The client sends code_challenge to authorization, then code_verifier to token endpoint. The server verifies SHA256. Mandatory in OAuth 2.1.

Origin

RFC 7636 published September 2015 by Nat Sakimura, John Bradley, Naveen Agarwal.

Example in context

A mobile EDI app consumes a B2B API via Authorization Code + PKCE, with no embedded client secret.

Last updated: May 16, 2026