%% You should probably cite draft-ietf-oauth-token-binding instead of this I-D. @techreport{campbell-oauth-tbpkce-00, number = {draft-campbell-oauth-tbpkce-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-campbell-oauth-tbpkce/00/}, author = {Brian Campbell and John Bradley and Michael B. Jones}, title = {{A Token Binding method for OAuth 2.0 Proof Key for Code Exchange}}, pagetotal = 5, year = 2016, month = jul, day = 8, abstract = {This specification describes a Proof Key for Code Exchange (PKCE) {[}RFC7636{]} method utilizing Token Binding over HTTP {[}I-D.ietf-tokbind-https{]} to cryptographically bind the OAuth 2.0 {[}RFC6749{]} authorization code to a key pair on the client, which it proves possession of during the access token request with the authorization code.}, }