Hello the Okta team,
I would like to create a client in order to test PKCE on the top of a confidentiel client like explained in this post.
I try to create a confidential client with pkce enabled using the admin UI. I think that I have successfully created an confidential client thought the “Web” UI step but I saw nothing in order to enable the PKCE on it. On an other hand I have successfully created a public client thought the “SPA” UI step with PKCE enabled.
I can connect myself to the “SPA” client without the client secret. So I do not think that this is the good way.
I can also connect myself to the “WEB” application with no PKCE enabled on the client side.
I found nothing in the documentation but maybe the confidential client is by default PKCE enabled and can accept PKCE or not, adapting himself to the best way. Could you confirm me this ?