I’m doing a MFA on native mobile app: first username & password, then SMS code verification. This works great.
When I’m calling to rest API
oauth2/default/v1/authorize, with code challenge (PKCE), I receive a redirect response with code. Calling to
oauth2/default/v1/token with the following params:
- The returned code
- The code verifier used to create the code challenge
- redirect uri
This call results: invalid_client: No client credentials found.
What am I missing?