PKCE Generator

Generate a PKCE code_verifier and code_challenge for OAuth 2.0 authorization flows. Leave empty to auto-generate, or paste your own verifier.

  • Runs entirely in your browser
  • No data stored or sent to a server
  • Free forever — no signup
  • Instant conversion

Input and Output

Use the interactive encoder and decoder on this page to process your text.

Learn more about PKCE

How to Generate PKCE Values for OAuth

PKCE Generation

What is PKCE?

Proof Key for Code Exchange (PKCE, RFC 7636) protects OAuth 2.0 authorization code flows. The client generates a code_verifier, derives a code_challenge, and sends the challenge with the authorize request. The verifier is sent during token exchange.

S256 vs plain

S256 (recommended) hashes the verifier with SHA-256 and Base64URL-encodes the result. Plain sends the verifier as the challenge — only use when the authorization server requires it.

OAuth Flow

  1. Generate code_verifier and code_challenge
  2. Redirect user to authorize URL with code_challenge and code_challenge_method
  3. Exchange authorization code for tokens with code_verifier

Frequently asked questions

Should I use S256 or plain?

Use S256 unless your OAuth provider explicitly requires plain. S256 is the industry standard and more secure.

Can I provide my own code_verifier?

Yes. Paste a verifier between 43 and 128 characters using unreserved URI characters [A-Za-z0-9-._~], or leave empty to auto-generate one.