PKCE Generator

Generate a cryptographically random code_verifier and its SHA-256 code_challenge for OAuth 2.0 PKCE flows. All generation happens in your browser.

100% In-Browser Processing. Your files never leave your device.

PKCE Code Verifier & Challenge

For OAuth 2.0 / OIDC PKCE flows using the S256 (SHA-256) method.

Verifier length (characters)

RFC 7636 requires 43–128 characters.

Click “Generate PKCE Pair” above to create a new verifier and challenge

About this tool

PKCE (Proof Key for Code Exchange, pronounced 'pixy') is an OAuth 2.0 security extension defined in RFC 7636. It prevents authorization code interception attacks in public clients (mobile apps and single-page applications) that cannot securely store a client secret. PKCE works by generating a random code_verifier, computing its SHA-256 hash as the code_challenge, and sending the challenge with the authorization request. When the authorization code is exchanged for an access token, the original verifier is sent — proving the request comes from the same client that initiated the flow.

PKCE Generator

PKCE Code Verifier & Challenge

What is PKCE Generator?

How to Use PKCE Generator

Common Use Cases

Why Use an In-Browser Tool?

Frequently Asked Questions