Swagger UI Browser requests to the token endpoint must use Proof Key for Code Exchange

Using Swagger UI to access API endpoints. When the token endpoint is hit, it passes the following properly

grant_type
code
client_id
client_secret
redirect_uri
code_verifier

but I am still getting the error Auth ErrorError, error: invalid_client, description: Browser requests to the token endpoint must use Proof Key for Code Exchange.

A search resulted in this article which does not mention how to remove the origin header from being passed.

https://support.okta.com/help/s/article/Browser-requests-to-the-token-endpoint-must-use-Proof-Key-for-Code-Exchange?language=en_US

@srajgopal
I suggest you test in the desktop Postman app as below:

It should work in this app.

To set up the environment, you can refer to the doc below.
https://developer.okta.com/code/rest/#set-up-your-environment
To import the collections, please refer to this doc.
https://developer.okta.com/docs/reference/postman-collections/

You must configure Okta with an app integration of “Single-Page Application” for it to support what Swagger UI is doing.

The documentation is slightly misleading. For PKCE you must have the origin header. The catch is that you must not send client_secret. Setting this field to "" or even removing this setting in Swagger (depending on which Swagger library/implementation you are using) will solve the problem.
