Recommended

#BTCCOGWEEK: Celebrate the Classics of Meme Coins
Crypto Deposit Make instant crypto transfers to your futures account
USDT-M Perpetual Futures Trade futures contracts settled in USDT
VIP Fee Discounts Enjoy different fee discounts based on your VIP level
Coin-M Perpetual Futures Trade futures contracts settled in cryptocurrency
Fiat Deposit Buy your favourite coins in seconds
Affiliates Invite friends & get rewarded
Convert Covert your crypto instantly
Support Centre Find our FAQs here
Announcements Find all our official announcements
BTCC Academy Learn about blockchain and crypto
News The latest trends in the crypto market

Promotions

Referral
Campaigns
Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / blockchainNEWS /
GitHub Fortifies Security: PKCE Now Mandatory for OAuth & GitHub Apps

GitHub Fortifies Security: PKCE Now Mandatory for OAuth & GitHub Apps

Author:
blockchainNEWS
Published:
2025-07-15 05:40:03
7
3

GitHub just slammed the door on authorization loopholes. The platform now enforces PKCE (Proof Key for Code Exchange) for all OAuth integrations and GitHub Apps—no more half-measures in the fight against token interception attacks.

Why this matters: Developers can finally stop pretending their side projects are 'too small' to be targeted. Meanwhile, Wall Street still thinks '2FA' is a type of crypto token.

The silent upgrade: No fanfare, no blog post confetti—just a quiet rollout that actually improves security. Unlike certain blockchain 'innovations,' this one doesn't require a whitepaper to explain its utility.

Bottom line: GitHub's move proves real security evolves faster than crypto hype cycles. Now if only they could fix 'npm left-pad' with the same efficiency.

GitHub Enhances Security with PKCE Support for OAuth and GitHub Apps

GitHub Introduces PKCE Support

GitHub has announced the integration of Proof Key for Code Exchange (PKCE) into its OAuth and GitHub App authentication processes. This MOVE aims to bolster security by ensuring that only the initiating client can exchange authorization codes for access tokens, according to GitHub.

Understanding PKCE

PKCE, a security extension of OAuth 2.0 standard (RFC 7636), addresses vulnerabilities by adding an additional LAYER of security during the code exchange process. Applications can implement PKCE by including code_challenge_method and code_challenge parameters during user authorization flows. The corresponding code_verifier parameter is then required when exchanging the code for an access token. Notably, only the S256 code challenge method is supported.

Current Requirements and Exemptions

At this time, GitHub is not mandating the use of PKCE for any authentication flows, as it does not differentiate between public and confidential clients. However, it is recommended for both GitHub Apps and OAuth apps during authorization code flows. Notably, the device code FLOW and installation token flows remain unaffected by PKCE requirements.

A few applications previously misusing PKCE have been temporarily exempted from enforcement to prevent disruptions. GitHub has contacted these developers to assist in updating their applications to properly implement PKCE.

Impact on Developers

This change underscores GitHub's commitment to enhancing security for its users. While the transition may require adjustments for some developers, the long-term benefits of improved security and user trust are expected to outweigh initial implementation challenges.

Image source: Shutterstock
  • github
  • pkce
  • oauth
  • security

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service
Social Media

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved