Glossary

Table of Contents

• VK Code
• IME
• PKCE
  • Why Clicker Uses PKCE
  • User Implications
  • Learn More

VK Code

A "Virtual Key Code" (VK code) is a unique identifier used to represent keyboard keys programmatically. In Clicker, VK codes are essential for key mapping and configuration.

Key Characteristics:

• Each physical key has a corresponding Virtual Key Code (e.g., 0x41 for 'A' key)
• In Clicker, VK codes are written with 'vk' prefix followed by the hexadecimal value without '0x'
  • Example: 0x41 is written as vk41
  • This format allows Clicker to recognize and process the codes correctly
• Some keys may have different codes based on keyboard layout or IME status

Common VK Codes in Clicker:

• vka1 (0xA1): Right Shift
• vk19 (0x19): Right Ctrl (when IME active)
• vka3 (0xA3): Right Ctrl (when IME inactive)
• vk5d (0x5D): Apps/Menu key

Important Notes for Users:

1. Direct Input vs VK Code
   • Letters (A-Z) and numbers (0-9) can be input directly
   • Special keys require VK code input
2. Verification Methods:
   • Use VK code input panel to verify codes
   • Test keys in your actual usage environment
   • Check codes under different IME states
3. Common Issues:
   • Numpad keys behave differently with NumLock on/off
   • Don't use Modifier keys (LCtrl, LAlt, LShift) for mapping. They may have side effects.
   • Some multimedia keys may not register standard VK codes

Warning

Avoid using following keys as they may conflict with system functions:

• Left Ctrl (vka2)
• Left Alt (vka4)
• Left Shift (vka0)

Note

For key mapping configuration, always use VK code input panel to ensure correct code identification.

---

IME

Input Method Editor (IME) is a system component that affects how keyboard inputs are processed.

Key Points for VK Code input :

• IME can change how your keyboard's physical keys are interpreted
• The same physical key may generate different VK codes depending on IME status
• This particularly affects special keys like RCtrl, RAlt, and function keys
• Common in multi-language environments (e.g., Asian language input systems)

Note

When configuring VK codes, always check your current IME status as it can affect the correct code values for your keys.

---

PKCE

Proof Key for Code Exchange (PKCE, pronounced “pixy”) is a security extension for the OAuth 2.0 authentication protocol, used in Clicker’s Google Drive synchronization. It helps prevent authorization code interception, adding an extra layer of protection for your Google account.

Why Clicker Uses PKCE

• Enhanced Security
  PKCE ensures your Google account remains protected, even if you sign in on shared or public devices.
• Device Independence
  Works smoothly without requiring the Google Drive desktop app—everything is handled securely within Clicker.
• Protection Against Interception
  By binding your authorization code to a “challenge” and “verifier,” PKCE prevents malicious apps from hijacking tokens.

User Implications

1. Regular Re-authentication
   
   • When refresh tokens expire, you must manually log in again.
     
   • This is a deliberate security measure, not a limitation.
     
   • It protects against unauthorized access if your device gets compromised.
2. Token Expiration
   
   • Google enforces expiration periods for OAuth tokens.
     
   • When a token expires, Clicker will notify you to re-authenticate.
     
   • This ensures only you can authorize continued access to your Google Drive.

3. Authentication Process
   

   • Requires explicit user interaction (visiting Google’s sign-in page).
     
   • Cannot be fully automated or bypassed due to security reasons.
     
   • Each sign-in session needs your approval through the official Google interface.

   Note

   PKCE authentication always requires manual intervention upon token expiry. This is an intentional design choice for added security, as automated renewal could introduce vulnerabilities.

   Warning

   Never attempt to bypass the authentication process or use unauthorized tools to automate it. Doing so can compromise your Google account’s security.

Learn More

For detailed information on PKCE and OAuth 2.0 security, we recommend reviewing the following resources:

• RFC 7636 (PKCE)
  
• OAuth 2.0 RFC 6749
  
• Official OAuth documentation
  

By exploring these materials, you’ll gain deeper insight into how PKCE prevents authorization code interception and how to securely implement OAuth 2.0 in various environments.