I am new to PKCE-based authentication integration. I want to create API automation for a PKCE-enabled auth flow using Postman. These are the steps I have followed so far, and I am still not able to get the access token.
curl --location 'https://{okta-url}/api/v1/authn' \
--header 'Content-Type: application/json' \
--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=C2E69C109D80E08FD28ADD71D00DE6AB; t=default' \
--data-raw '{
"username": "username",
"password": "password"
}'
Then it returns the sessionToken.
The second request I have sent is the authorize request:
curl --location 'https://{okta-url}/oauth2/default/v1/authorize?client_id={client-id}&scope=openid&redirect_uri={callback-url}&response_type=code&state=state&sessionToken={sessionToken}&code_challenge={code-challenge}&code_challenge_method=S256&prompt=none' \
--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=FE3831EC2675E278EFE05F19AF59E686; sid=102Az6VmKP0R7m5BOYb1NJQUw; t=default'
Here, to generate a code challenge, I have used this online tool.
Then its response headers give the authorization code, in this format:
https://{call-back-url}?code={authorizationCode}&state=state
Then the last request sends the token request as follows:
curl --location 'https://{okta-url}/oauth2/default/v1/token?state=state' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=D0586125BC7DC964FE475B4C322B9999; sid=102Az6VmKP0R7m5BOYb1NJQUw; t=default' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'redirect_uri={callback-url}' \
--data-urlencode 'code={authorizationCode}' \
--data-urlencode 'code_verifier={code-verifier}' \
--data-urlencode 'client_id={client-id}'
Then it returns the response as 400 Bad Request:
{
"error": "invalid_grant",
"error_description": "PKCE verification failed."
}
Are there any issues with the flow I have followed?
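The check the token endpoint performs when it answers "PKCE verification failed" is fully specified in RFC 7636: it recomputes BASE64URL-without-padding(SHA256(code_verifier)) and compares it with the code_challenge that was sent on the authorize request. The script below is an added example (not code from the question or from Okta) that generates the verifier/challenge pair the way RFC 7636 requires, builds the same authorize URL and token body the question uses, and reproduces the server-side comparison so a pair produced by any tool can be checked offline before it is used in an automation run. The `okta_url`, `client_id`, `redirect_uri` and `session_token` values are placeholders passed in by the caller; no request is sent.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: 43..128 characters from the "unreserved" set.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_no_pad(data: bytes) -> str:
    """Base64url encoding with the trailing '=' padding removed (RFC 7636 Appendix A)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """High-entropy verifier; 32 random bytes encode to 43 characters, the RFC minimum."""
    return b64url_no_pad(secrets.token_bytes(n_bytes))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge for code_challenge_method=S256: BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url_no_pad(hashlib.sha256(verifier.encode("ascii")).digest())


def server_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    """Mimic the token endpoint: the verifier must be well-formed and hash to the stored challenge.
    A challenge that still carries '=' padding, or a verifier from a different pair, fails here
    exactly as it fails at the real endpoint."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False
    return secrets.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)


def build_authorize_url(okta_url: str, client_id: str, redirect_uri: str,
                        session_token: str, challenge: str, state: str) -> str:
    """Authorize request with the same parameters as the question (values are caller-supplied placeholders)."""
    params = {
        "client_id": client_id,
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
        "sessionToken": session_token,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "prompt": "none",
    }
    return f"{okta_url}/oauth2/default/v1/authorize?{urlencode(params)}"


def build_token_body(client_id: str, redirect_uri: str, code: str, verifier: str) -> dict:
    """Form body for the token request; the verifier must be the one whose challenge went to /authorize."""
    return {
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
        "client_id": client_id,
    }


if __name__ == "__main__":
    # Constructed placeholder values; replace with the tenant's real settings.
    verifier = make_code_verifier()
    challenge = code_challenge_s256(verifier)
    print("code_verifier :", verifier)
    print("code_challenge:", challenge)
    print("pair verifies :", server_verifies(challenge, verifier))
    print(build_authorize_url("https://example.okta.com", "client-id-placeholder",
                              "https://app.example/callback", "sessionToken-placeholder",
                              challenge, "state"))
    print(build_token_body("client-id-placeholder", "https://app.example/callback",
                           "authorizationCode-placeholder", verifier))
```

Generate the pair once per flow and keep the verifier in a Postman variable so the token step reads the same value whose challenge was sent to the authorize step; `server_verifies` returns False for the two mistakes that most often produce "PKCE verification failed", a challenge copied with its `=` padding and a verifier that does not belong to the challenge.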