Debugging backend when using AuthCode w/ PKCE

We use ImplicitFlow with our Angular UI + .NET webapi and it’s easy to debug the backend when needed by just grabbing the access token from the UI dev tools and pasting it into my api request header using a REST client.

However, we have a customer who wants to connect via SSO who doesn’t allow ImplicitGrants. I have researched the AuthCode flow w/ PKCE and it seems straight-forward with one exception. How would I generate an access token to make backend calls during debugging? I know it would still be accessible, but one of the pro’s of auth code is: “we’ll send the PKCE code verifier when making this request, which ensures that only the application that requested a code can exchange it for an access token”

So how can I make my own token to use? Can I use postman rest client to create one somehow? Less convenient, but not terrible. Pleas advise!

Hi @ddelapasse

You can authenticate via API in order to receive a sessionToken and then append it as a query parameter to /authorize endpoint.