Witness a practical demo of an authorization code injection attack! You'll see how our Hax0r D00d assumes the identity of the R00b D00d.
Spoiler alert: Using the PKCE extension with a confidential client thwarts this attack. You'll see this in action too.