Missing PKCE configuration
Severity
medium
What it is
PKCE (Proof Key for Code Exchange) is not enabled, leaving the OAuth flow vulnerable to authorization code interception attacks.
How Igris detects it
Igris's OAuth Configuration Checker flags this during MCP security scans of your configuration.